CVE-2019-6192 - Vulnerability Details

A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.02103.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Lenovo

Power Management driver

affected

Version	Status	Constraints
`unspecified`	affected	< 1.67.17.48

Configuration 1 [-]

AND

cpe:2.3:a:lenovo:power_management_driver:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lenovo:thinkpad_13_gen_2:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_25:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_a275:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_a285:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_a475:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_a485:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e14:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e15:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e470:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e470c:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e475:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e480:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e490:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e495:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e570:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e570c:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e575:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e580:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e590:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_e595:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l13:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l13_yoga:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l380:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l380_yoga:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l390:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l390_yoga:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l470:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l480:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l490:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l570:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l580:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l590:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p1:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p1_gen_2:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p43s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p51:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p51s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p52:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p52s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p53:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p53s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p7:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p72:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p73:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_r14:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_r480:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s1_gen_4:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s2_gen_2:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s2_gen_5:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_5:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s3_gen_2:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s5_gen_2:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t470:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t470p:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t470s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t480:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t480s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t490:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t490s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t495:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t570:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t580:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t590:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_x1_carbon_gen_5:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x1_carbon_gen_6:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x1_carbon_gen_7:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x1_extreme:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x1_extreme_2nd:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x1_tablet_gen_2:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x1_tablet_gen_3:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x1_yoga_gen_2:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x1_yoga_gen_3:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x1_yoga_gen_4:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x270:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x280:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x380_yoga:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x390:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x390_yoga:-:::::::*
cpe:2.3:h:lenovo:thinkpad_x395:-:::::::*
cpe:2.3:h:lenovo:thinkpad_yoga_370:-:::::::*

No data.

Project Subscriptions

Vendors	Products
Lenovo Subscribe	Power Management Driver Subscribe Thinkpad 13 Gen 2 Subscribe Thinkpad 25 Subscribe Thinkpad A275 Subscribe Thinkpad A285 Subscribe Thinkpad A475 Subscribe Thinkpad A485 Subscribe Thinkpad E14 Subscribe Thinkpad E15 Subscribe Thinkpad E470 Subscribe Thinkpad E470c Subscribe Thinkpad E475 Subscribe Thinkpad E480 Subscribe Thinkpad E490 Subscribe Thinkpad E495 Subscribe Thinkpad E570 Subscribe Thinkpad E570c Subscribe Thinkpad E575 Subscribe Thinkpad E580 Subscribe Thinkpad E590 Subscribe Thinkpad E595 Subscribe Thinkpad L13 Subscribe Thinkpad L13 Yoga Subscribe Thinkpad L380 Subscribe Thinkpad L380 Yoga Subscribe Thinkpad L390 Subscribe Thinkpad L390 Yoga Subscribe Thinkpad L470 Subscribe Thinkpad L480 Subscribe Thinkpad L490 Subscribe Thinkpad L570 Subscribe Thinkpad L580 Subscribe Thinkpad L590 Subscribe Thinkpad P1 Subscribe Thinkpad P1 Gen 2 Subscribe Thinkpad P43s Subscribe Thinkpad P51 Subscribe Thinkpad P51s Subscribe Thinkpad P52 Subscribe Thinkpad P52s Subscribe Thinkpad P53 Subscribe Thinkpad P53s Subscribe Thinkpad P7 Subscribe Thinkpad P72 Subscribe Thinkpad P73 Subscribe Thinkpad R14 Subscribe Thinkpad R480 Subscribe Thinkpad S1 Gen 4 Subscribe Thinkpad S2 Gen 2 Subscribe Thinkpad S2 Gen 5 Subscribe Thinkpad S2 Yoga Gen 5 Subscribe Thinkpad S3 Gen 2 Subscribe Thinkpad S5 Gen 2 Subscribe Thinkpad T470 Subscribe Thinkpad T470p Subscribe Thinkpad T470s Subscribe Thinkpad T480 Subscribe Thinkpad T480s Subscribe Thinkpad T490 Subscribe Thinkpad T490s Subscribe Thinkpad T495 Subscribe Thinkpad T570 Subscribe Thinkpad T580 Subscribe Thinkpad T590 Subscribe Thinkpad X1 Carbon Gen 5 Subscribe Thinkpad X1 Carbon Gen 6 Subscribe Thinkpad X1 Carbon Gen 7 Subscribe Thinkpad X1 Extreme Subscribe Thinkpad X1 Extreme 2nd Subscribe Thinkpad X1 Tablet Gen 2 Subscribe Thinkpad X1 Tablet Gen 3 Subscribe Thinkpad X1 Yoga Gen 2 Subscribe Thinkpad X1 Yoga Gen 3 Subscribe Thinkpad X1 Yoga Gen 4 Subscribe Thinkpad X270 Subscribe Thinkpad X280 Subscribe Thinkpad X380 Yoga Subscribe Thinkpad X390 Subscribe Thinkpad X390 Yoga Subscribe Thinkpad X395 Subscribe Thinkpad Yoga 370 Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2019-15759	A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.

Fixes

Solution

Update to Lenovo Power Management driver version 1.67.17.48 or higher.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://packetstormsecurity.com/files/155656/Lenovo-Power-Management-Driver-Buffer-Overflow.html
https://support.lenovo.com/solutions/LEN-29334

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2019-12-10T18:05:17.706531Z

Updated: 2024-09-17T04:20:49.230Z

Reserved: 2019-01-11T00:00:00

Link: CVE-2019-6192

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-12-10T18:15:09.657

Modified: 2024-11-21T04:46:08.750

Link: CVE-2019-6192

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-120

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object