CVE-2019-6190

Home/CVE/Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Deskto

CVE

Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Deskto

Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled.

MEDIUM · CVSS 5 EPSS 0.00116

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-665Improper Initialization

▤

Affected Products & Versions

lenovo thinkcentre e93 firmware< fbktdba
lenovo thinkcentre m6500s firmware< fbktdba
lenovo thinkcentre m6500t firmware< fbktdba
lenovo thinkcentre m73p firmware< fbktdba
lenovo thinkcentre m83 firmware< fbktdba
lenovo thinkcentre m8500s firmware< fbktdba
lenovo thinkcentre m8500t firmware< fbktdba
lenovo thinkcentre m93 firmware< fbktdba
Show all 60 affected productslenovo thinkcentre m93p firmware< fbktdba
lenovo thinkstation e32 firmware< fbktdba
lenovo thinkstation p300 firmware< fbktdba
lenovo thinkstation c30 refresh firmware< 2-27-2020
lenovo thinkstation d30 refresh firmware< 2-27-2020
lenovo thinkstation p410 firmware< 2-27-2020
lenovo thinkstation p500 firmware< 2-27-2020
lenovo thinkstation p510 firmware< 2-27-2020
lenovo thinkstation p700 firmware< 2-27-2020
lenovo thinkstation p710 firmware< 2-27-2020
lenovo thinkstation p720 firmware< 2-27-2020
lenovo thinkstation p900 firmware< 2-27-2020
lenovo thinkstation p910 firmware< 2-27-2020
lenovo thinkstation p920 firmware< 2-27-2020
lenovo thinkstation s30 refresh firmware< 2-27-2020
lenovo h50-30g desktop firmware< fckt97a
lenovo 63 desktop firmware< fckt97a
lenovo m4500 desktop firmware< fckt97a
lenovo m4500 id desktop firmware< fckt97a
lenovo m4550 id desktop firmware< fckt97a
lenovo qitian 4500 desktop firmware< fckt97a
lenovo qitian b4550 desktop firmware< fckt97a
lenovo qitian m4550 desktop firmware< fckt97a
lenovo thinkcentre e73 desktop firmware< fckt97a
lenovo thinkcentre e73s desktop firmware< fckt97a
lenovo thinkcentre m4500k desktop firmware< fckt97a
lenovo thinkcentre m4500s desktop firmware< fckt97a
lenovo thinkcentre m4500t desktop firmware< fckt97a
lenovo thinkcentre m73 desktop firmware< fckt97a
lenovo yangtian afh81 desktop firmware< fckt97a
lenovo yangtian mc h81 desktop firmware< fckt97a
lenovo yangtian mf h81 pci desktop firmware< fckt97a
lenovo yangtian ms h81 desktop firmware< fckt97a
lenovo yangtian tc h81 pci desktop firmware< fckt97a
lenovo yangtian wcc h81 pci desktop firmware< fckt97a
lenovo yangtian wf h81 pci desktop firmware< fckt97a
lenovo yangtian ws h81 desktop firmware< fckt97a
lenovo thinkcentre m9350z firmware< fekta1a
lenovo thinkcentre m93z firmware< fekta1a
lenovo thinkcentre m73 tiny firmware< fhkt84a
lenovo thinkcentre m4500q firmware< fhkt84a
lenovo thinkcentre m9550z firmware< fukt55a
lenovo thinkcentre m9500z firmware< fukt55a
lenovo thinkcentre m900z firmware< fukt55a
lenovo thinkcenter m700z firmware< fvkt64a
lenovo thinkcenter m800z firmware< fvkt64a
lenovo thinkcentre e74z firmware< fvkt64a
lenovo thinkcentre m700z firmware< fvkt64a
lenovo thinkcentre m7300z firmware< fvkt64a
lenovo thinkcentre m800z firmware< fvkt64a
lenovo thinkcentre m8300z firmware< fvkt64a
lenovo thinkcentre m8350z firmware< fvkt64a

▣

Scoring & Timeline

MEDIUM · CVSS v3.1 · psirt@lenovo.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD14 Feb 2020 · 05:15 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://support.lenovo.com/us/en/product_security/LEN-28078Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/176178Third Party AdvisoryVDB Entry

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin