CVE-2019-6190

Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
lenovoCNA
5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
lenovothinkstation_c30_refresh_firmware
𝑥
< 2-27-2020
lenovothinkstation_d30_refresh_firmware
𝑥
< 2-27-2020
lenovothinkstation_p410_firmware
𝑥
< 2-27-2020
lenovothinkstation_p500_firmware
𝑥
< 2-27-2020
lenovothinkstation_p510_firmware
𝑥
< 2-27-2020
lenovothinkstation_p700_firmware
𝑥
< 2-27-2020
lenovothinkstation_p710_firmware
𝑥
< 2-27-2020
lenovothinkstation_p720_firmware
𝑥
< 2-27-2020
lenovothinkstation_p900_firmware
𝑥
< 2-27-2020
lenovothinkstation_p910_firmware
𝑥
< 2-27-2020
lenovothinkstation_p920_firmware
𝑥
< 2-27-2020
lenovothinkstation_s30_refresh_firmware
𝑥
< 2-27-2020
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.lenovo.com/us/en/product_security/LEN-28078
https://exchange.xforce.ibmcloud.com/vulnerabilities/176178
https://support.lenovo.com/us/en/product_security/LEN-28078