CVE-2019-6156

In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
lenovoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
lenovo510-15ikl_firmware
-
lenovo510s-08ikl_firmware
-
lenovoideacentre_300-20ish_firmware
-
lenovoideacentre_300s-11ish_firmware
-
lenovoideacentre_510s-08ish_firmware
-
lenovoideacentre_620s-03ikl_firmware
-
lenovolegion_y520t_z370_firmware
-
lenovolegion_y720_tower_firmware
-
lenovolegion_y920_tower_firmware
-
lenovolenovo_63_firmware
-
lenovoh50-30g_desktop_firmware
-
lenovom4500_firmware
-
lenovom4500_id_firmware
-
lenovom4550_id_firmware
-
lenovo530s-07icb_firmware
-
lenovoqitian_4500_firmware
-
lenovoqitian_b4550_firmware
-
lenovoqitian_b4650_firmware
-
lenovoqitian_m4550_firmware
-
lenovoqitian_m4600_firmware
-
lenovoqitian_m4650_firmware
-
lenovoqt_m410_firmware
-
lenovoqt_b415_firmware
-
lenovoqt_m415_firmware
-
lenovothinkcentre_e73_\(sff\)_firmware
-
lenovothinkcentre_e73_\(twr\)_firmware
-
lenovothinkcentre_e73s_firmware
-
lenovothinkcentre_e74_firmware
-
lenovothinkcentre_e74s_firmware
-
lenovothinkcentre_e75t_firmware
-
lenovothinkcentre_e75s_firmware
-
lenovothinkcentre_m4500k_firmware
-
lenovothinkcentre_m4500q_firmware
-
lenovothinkcentre_m4500t_firmware
-
lenovothinkcentre_m4500s_firmware
-
lenovothinkcentre_m4600t_firmware
-
lenovothinkcentre_m4600s_firmware
-
lenovothinkcentre_m700t_firmware
-
lenovothinkcentre_m700s_firmware
-
lenovothinkcentre_m710e_firmware
-
lenovothinkcentre_m710t_firmware
-
lenovothinkcentre_m710s_firmware
-
lenovothinkcentre_m73_\(sff\)_firmware
-
lenovothinkcentre_m73_\(twr\)_firmware
-
lenovothinkcentre_m73_tiny_firmware
-
lenovothinkcentre_s510_firmware
-
lenovov520s-08ikl_firmware
-
lenovov520t-15ikl_firmware
-
lenovoyangtian_afh110_firmware
-
lenovoyangtian_afh81_firmware
-
lenovoyangtian_mc_h110_firmware
-
lenovoyangtian_mc_h110_pci_firmware
-
lenovoyangtian_mc_h81_firmware
-
lenovoyangtian_me\/we_h110_firmware
-
lenovoyangtian_mf\/wf_h110_pci_firmware
-
lenovoyangtian_mf\/wf_h81_pci_firmware
-
lenovoyangtian_ms\/ws_h81_firmware
-
lenovoyangtian_tc\/wc_h110_pci_firmware
-
lenovoyangtian_tc\/wcc_h81_pci_firmware
-
lenovoyangtian_ytm6900e-00_firmware
-
lenovoaio_y910-27ish_firmware
-
lenovoaio520-22ikl_firmware
-
lenovoaio520-22iku_firmware
-
lenovoaio520-24ikl_firmware
-
lenovoaio520-24iku_firmware
-
lenovoaio520-27ikl_firmware
-
lenovoqt_a7400_firmware
-
lenovothinkcenter_m700z_firmware
-
lenovothinkcenter_m800z_firmware
-
lenovothinkcentre_e74z_firmware
-
lenovothinkcentre_m700z_firmware
-
lenovothinkcentre_m7300z_firmware
-
lenovothinkcentre_m800z_firmware
-
lenovothinkcentre_m810z_firmware
-
lenovothinkcentre_m818z_firmware
-
lenovothinkcentre_m820z_firmware
-
lenovothinkcentre_m8300z_firmware
-
lenovothinkcentre_m8350z_firmware
-
lenovothinkcentre_m83z_\(aio\)_firmware
-
lenovothinkcentre_m900z_firmware
-
lenovothinkcentre_m910z_firmware
-
lenovothinkcentre_m920z_firmware
-
lenovothinkcentre_m9500z_firmware
-
lenovothinkcentre_m9550z_firmware
-
lenovothinkcentre_x1_aio_firmware
-
lenovo330-14igm_firmware
𝑥
< 7xcn30ww
lenovo330-15igm_firmware
𝑥
< 7xcn30ww
lenovothinkpad_e480_firmware
𝑥
< r0pet54w
lenovothinkpad_e580_firmware
𝑥
< r0pet54w
lenovothinkpad_e570p_firmware
𝑥
< r0met46w
lenovothinkpad_s5_firmware
𝑥
< r0met46w
lenovothinkpad_l480_firmware
𝑥
< r0qet54w
lenovothinkpad_l580_firmware
𝑥
< r0qet54w
lenovothinkpad_s5_firmware
𝑥
< r09et70w
lenovothinkpad_e560p_firmware
𝑥
< r09et70w
lenovothinkpad_t460_firmware
𝑥
< r06et66w
lenovothinkpad_t460p_firmware
𝑥
< r07et88w
lenovothinkpad_x260_firmware
𝑥
< r02et70w
lenovothinkpad_x380_yoga_firmware
𝑥
< r0set42w
lenovothinkstation_c30_refresh_firmware
-
lenovothinkstation_d30_refresh_firmware
-
lenovothinkstation_p310_firmware
-
lenovothinkstation_p410_firmware
-
lenovothinkstation_p500_firmware
-
lenovothinkstation_p510_firmware
-
lenovothinkstation_p520_firmware
-
lenovothinkstation_p520c_firmware
-
lenovothinkstation_p700_firmware
-
lenovothinkstation_p710_firmware
-
lenovothinkstation_p720_firmware
-
lenovothinkstation_p900_firmware
-
lenovothinkstation_p910_firmware
-
lenovothinkstation_p920_firmware
-
lenovothinkstation_s30_refresh_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.lenovo.com/solutions/LEN-26332
https://support.lenovo.com/solutions/LEN-26332