4.4

CVE-2019-6192

Exploit
A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LenovoPower Management Driver Version < 1.67.17.48
   LenovoThinkpad 13 Gen 2 Version-
   LenovoThinkpad 25 Version-
   LenovoThinkpad A275 Version-
   LenovoThinkpad A285 Version-
   LenovoThinkpad A475 Version-
   LenovoThinkpad A485 Version-
   LenovoThinkpad E14 Version-
   LenovoThinkpad E15 Version-
   LenovoThinkpad E470 Version-
   LenovoThinkpad E470c Version-
   LenovoThinkpad E475 Version-
   LenovoThinkpad E480 Version-
   LenovoThinkpad E490 Version-
   LenovoThinkpad E495 Version-
   LenovoThinkpad E570 Version-
   LenovoThinkpad E570c Version-
   LenovoThinkpad E575 Version-
   LenovoThinkpad E580 Version-
   LenovoThinkpad E590 Version-
   LenovoThinkpad E595 Version-
   LenovoThinkpad L13 Version-
   LenovoThinkpad L13 Yoga Version-
   LenovoThinkpad L380 Version-
   LenovoThinkpad L380 Yoga Version-
   LenovoThinkpad L390 Version-
   LenovoThinkpad L390 Yoga Version-
   LenovoThinkpad L470 Version-
   LenovoThinkpad L480 Version-
   LenovoThinkpad L490 Version-
   LenovoThinkpad L570 Version-
   LenovoThinkpad L580 Version-
   LenovoThinkpad L590 Version-
   LenovoThinkpad P1 Version-
   LenovoThinkpad P1 Gen 2 Version-
   LenovoThinkpad P43s Version-
   LenovoThinkpad P51 Version-
   LenovoThinkpad P51s Version-
   LenovoThinkpad P52 Version-
   LenovoThinkpad P52s Version-
   LenovoThinkpad P53 Version-
   LenovoThinkpad P53s Version-
   LenovoThinkpad P7 Version-
   LenovoThinkpad P72 Version-
   LenovoThinkpad P73 Version-
   LenovoThinkpad R14 Version-
   LenovoThinkpad R480 Version-
   LenovoThinkpad S1 Gen 4 Version-
   LenovoThinkpad S2 Gen 2 Version-
   LenovoThinkpad S2 Gen 5 Version-
   LenovoThinkpad S2 Yoga Gen 5 Version-
   LenovoThinkpad S3 Gen 2 Version-
   LenovoThinkpad S5 Gen 2 Version-
   LenovoThinkpad T470 Version-
   LenovoThinkpad T470p Version-
   LenovoThinkpad T470s Version-
   LenovoThinkpad T480 Version-
   LenovoThinkpad T480s Version-
   LenovoThinkpad T490 Version-
   LenovoThinkpad T490s Version-
   LenovoThinkpad T495 Version-
   LenovoThinkpad T570 Version-
   LenovoThinkpad T580 Version-
   LenovoThinkpad T590 Version-
   LenovoThinkpad X1 Carbon Gen 5 Version-
   LenovoThinkpad X1 Carbon Gen 6 Version-
   LenovoThinkpad X1 Carbon Gen 7 Version-
   LenovoThinkpad X1 Extreme Version-
   LenovoThinkpad X1 Extreme 2nd Version-
   LenovoThinkpad X1 Tablet Gen 2 Version-
   LenovoThinkpad X1 Tablet Gen 3 Version-
   LenovoThinkpad X1 Yoga Gen 2 Version-
   LenovoThinkpad X1 Yoga Gen 3 Version-
   LenovoThinkpad X1 Yoga Gen 4 Version-
   LenovoThinkpad X270 Version-
   LenovoThinkpad X280 Version-
   LenovoThinkpad X380 Yoga Version-
   LenovoThinkpad X390 Version-
   LenovoThinkpad X390 Yoga Version-
   LenovoThinkpad X395 Version-
   LenovoThinkpad Yoga 370 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.02% 0.832
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 0.8 3.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
psirt@lenovo.com 4.4 0.8 3.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.