CVE-2019-6156

Description

In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.

Related CPE's

olenovo510-15ikl_firmware-*******

hlenovo510-15ikl-*******

olenovo510s-08ikl_firmware-*******

hlenovo510s-08ikl-*******

olenovoideacentre_300-20ish_firmware-*******

hlenovoideacentre_300-20ish-*******

olenovoideacentre_300s-11ish_firmware-*******

hlenovoideacentre_300s-11ish-*******

olenovoideacentre_510-15icb_firmware********

hlenovoideacentre_510-15icb-*******

References

https://support.lenovo.com/solutions/LEN-26332

PatchVendor Advisory

CvssV3 impact

BaseSeverity

LOW

ConfidentialityImpact

NONE

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

LOCAL

AvailabilityImpact

NONE

IntegrityImpact

LOW

PrivilegesRequired

LOW

BaseScore

3.3

VectorString

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Version

3.0

UserInteraction

NONE

CvssV2 impact

Version

2.0

VectorString

AV:L/AC:L/Au:N/C:N/I:P/A:N

AccessVector

LOCAL

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

PARTIAL

AvailabilityImpact

NONE

BaseScore

2.0999999046325684

Created by Yello
About Severity.io