Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-6192

A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 4.4, requiring local system access to exploit with relatively low complexity without requiring user interaction . The vulnerability impacts and availability (service disruption) for affected systems. Impacting 81 products from lenovo, from lenovo, from lenovo and 78 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2019, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2019-12-10T18:15:09.657

Last Modified

2024-11-21T04:46:08.750

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.4 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

3.9

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-120
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application lenovo power_management_driver < 1.67.17.48 Yes
Hardware lenovo thinkpad_13_gen_2 - No
Hardware lenovo thinkpad_25 - No
Hardware lenovo thinkpad_a275 - No
Hardware lenovo thinkpad_a285 - No
Hardware lenovo thinkpad_a475 - No
Hardware lenovo thinkpad_a485 - No
Hardware lenovo thinkpad_e14 - No
Hardware lenovo thinkpad_e15 - No
Hardware lenovo thinkpad_e470 - No
Hardware lenovo thinkpad_e470c - No
Hardware lenovo thinkpad_e475 - No
Hardware lenovo thinkpad_e480 - No
Hardware lenovo thinkpad_e490 - No
Hardware lenovo thinkpad_e495 - No
Hardware lenovo thinkpad_e570 - No
Hardware lenovo thinkpad_e570c - No
Hardware lenovo thinkpad_e575 - No
Hardware lenovo thinkpad_e580 - No
Hardware lenovo thinkpad_e590 - No
Hardware lenovo thinkpad_e595 - No
Hardware lenovo thinkpad_l13 - No
Hardware lenovo thinkpad_l13_yoga - No
Hardware lenovo thinkpad_l380 - No
Hardware lenovo thinkpad_l380_yoga - No
Hardware lenovo thinkpad_l390 - No
Hardware lenovo thinkpad_l390_yoga - No
Hardware lenovo thinkpad_l470 - No
Hardware lenovo thinkpad_l480 - No
Hardware lenovo thinkpad_l490 - No
Hardware lenovo thinkpad_l570 - No
Hardware lenovo thinkpad_l580 - No
Hardware lenovo thinkpad_l590 - No
Hardware lenovo thinkpad_p1 - No
Hardware lenovo thinkpad_p1_gen_2 - No
Hardware lenovo thinkpad_p43s - No
Hardware lenovo thinkpad_p51 - No
Hardware lenovo thinkpad_p51s - No
Hardware lenovo thinkpad_p52 - No
Hardware lenovo thinkpad_p52s - No
Hardware lenovo thinkpad_p53 - No
Hardware lenovo thinkpad_p53s - No
Hardware lenovo thinkpad_p7 - No
Hardware lenovo thinkpad_p72 - No
Hardware lenovo thinkpad_p73 - No
Hardware lenovo thinkpad_r14 - No
Hardware lenovo thinkpad_r480 - No
Hardware lenovo thinkpad_s1_gen_4 - No
Hardware lenovo thinkpad_s2_gen_2 - No
Hardware lenovo thinkpad_s2_gen_5 - No
Hardware lenovo thinkpad_s2_yoga_gen_5 - No
Hardware lenovo thinkpad_s3_gen_2 - No
Hardware lenovo thinkpad_s5_gen_2 - No
Hardware lenovo thinkpad_t470 - No
Hardware lenovo thinkpad_t470p - No
Hardware lenovo thinkpad_t470s - No
Hardware lenovo thinkpad_t480 - No
Hardware lenovo thinkpad_t480s - No
Hardware lenovo thinkpad_t490 - No
Hardware lenovo thinkpad_t490s - No
Hardware lenovo thinkpad_t495 - No
Hardware lenovo thinkpad_t570 - No
Hardware lenovo thinkpad_t580 - No
Hardware lenovo thinkpad_t590 - No
Hardware lenovo thinkpad_x1_carbon_gen_5 - No
Hardware lenovo thinkpad_x1_carbon_gen_6 - No
Hardware lenovo thinkpad_x1_carbon_gen_7 - No
Hardware lenovo thinkpad_x1_extreme - No
Hardware lenovo thinkpad_x1_extreme_2nd - No
Hardware lenovo thinkpad_x1_tablet_gen_2 - No
Hardware lenovo thinkpad_x1_tablet_gen_3 - No
Hardware lenovo thinkpad_x1_yoga_gen_2 - No
Hardware lenovo thinkpad_x1_yoga_gen_3 - No
Hardware lenovo thinkpad_x1_yoga_gen_4 - No
Hardware lenovo thinkpad_x270 - No
Hardware lenovo thinkpad_x280 - No
Hardware lenovo thinkpad_x380_yoga - No
Hardware lenovo thinkpad_x390 - No
Hardware lenovo thinkpad_x390_yoga - No
Hardware lenovo thinkpad_x395 - No
Hardware lenovo thinkpad_yoga_370 - No
References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For lenovo's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.