CVE-2019-6192 - Vulnerability Details

Description

A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.

Published: 2019-12-10

Score: 4.4 Medium

EPSS: 2.1% Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Lenovo

Power Management driver

affected

Version	Status	Constraints
`unspecified`	affected	< 1.67.17.48

Configuration 1 [-]

AND

cpe:2.3:a:lenovo:power_management_driver:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lenovo:thinkpad_13_gen_2:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_25:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_a275:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_a285:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_a475:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_a485:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e14:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e15:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e470:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e470c:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e475:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e480:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e490:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e495:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e570:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e570c:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e575:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e580:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e590:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e595:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l13:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l13_yoga:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l380:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l380_yoga:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l390:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l390_yoga:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l470:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l480:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l490:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l570:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l580:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l590:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p1:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p1_gen_2:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p43s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p51:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p51s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p52:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p52s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p53:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p53s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p7:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p72:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p73:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_r14:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_r480:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s1_gen_4:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s2_gen_2:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s2_gen_5:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_5:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s3_gen_2:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s5_gen_2:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t470:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t470p:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t470s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t480:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t480s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t490:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t490s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t495:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t570:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t580:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t590:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_x1_carbon_gen_5:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x1_carbon_gen_6:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x1_carbon_gen_7:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x1_extreme:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x1_extreme_2nd:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x1_tablet_gen_2:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x1_tablet_gen_3:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x1_yoga_gen_2:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x1_yoga_gen_3:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x1_yoga_gen_4:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x270:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x280:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x380_yoga:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x390:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x390_yoga:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x395:-:::::::*
cpe:2.3:h:lenovo:thinkpad_yoga_370:-:::::::*

No data.

No data available yet.

Remediation

Vendor Solution

Update to Lenovo Power Management driver version 1.67.17.48 or higher.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2019-15759	A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.02103.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://packetstormsecurity.com/files/155656/Lenovo-Power-Management-Driver-Buffer-Overflow.html
https://support.lenovo.com/solutions/LEN-29334

History

No history.

Subscriptions

Lenovo Power Management Driver Thinkpad 13 Gen 2 Thinkpad 25 Thinkpad A275 Thinkpad A285 Thinkpad A475 Thinkpad A485 Thinkpad E14 Thinkpad E15 Thinkpad E470 Thinkpad E470c Thinkpad E475 Thinkpad E480 Thinkpad E490 Thinkpad E495 Thinkpad E570 Thinkpad E570c Thinkpad E575 Thinkpad E580 Thinkpad E590 Thinkpad E595 Thinkpad L13 Thinkpad L13 Yoga Thinkpad L380 Thinkpad L380 Yoga Thinkpad L390 Thinkpad L390 Yoga Thinkpad L470 Thinkpad L480 Thinkpad L490 Thinkpad L570 Thinkpad L580 Thinkpad L590 Thinkpad P1 Thinkpad P1 Gen 2 Thinkpad P43s Thinkpad P51 Thinkpad P51s Thinkpad P52 Thinkpad P52s Thinkpad P53 Thinkpad P53s Thinkpad P7 Thinkpad P72 Thinkpad P73 Thinkpad R14 Thinkpad R480 Thinkpad S1 Gen 4 Thinkpad S2 Gen 2 Thinkpad S2 Gen 5 Thinkpad S2 Yoga Gen 5 Thinkpad S3 Gen 2 Thinkpad S5 Gen 2 Thinkpad T470 Thinkpad T470p Thinkpad T470s Thinkpad T480 Thinkpad T480s Thinkpad T490 Thinkpad T490s Thinkpad T495 Thinkpad T570 Thinkpad T580 Thinkpad T590 Thinkpad X1 Carbon Gen 5 Thinkpad X1 Carbon Gen 6 Thinkpad X1 Carbon Gen 7 Thinkpad X1 Extreme Thinkpad X1 Extreme 2nd Thinkpad X1 Tablet Gen 2 Thinkpad X1 Tablet Gen 3 Thinkpad X1 Yoga Gen 2 Thinkpad X1 Yoga Gen 3 Thinkpad X1 Yoga Gen 4 Thinkpad X270 Thinkpad X280 Thinkpad X380 Yoga Thinkpad X390 Thinkpad X390 Yoga Thinkpad X395 Thinkpad Yoga 370

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2019-12-10T18:05:17.706Z

Updated: 2024-09-17T04:20:49.230Z

Reserved: 2019-01-11T00:00:00.000Z

Link: CVE-2019-6192

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-12-10T18:15:09.657

Modified: 2024-11-21T04:46:08.750

Link: CVE-2019-6192

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-120

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object