In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.
Affected:< 7xcn30wwFixed in:7xcn30wwCVE-2019-6156derived from NVD
330-15igm firmwareNVD
Affected:< 7xcn30wwFixed in:7xcn30wwCVE-2019-6156derived from NVD
aio300-23isu\(c5130\) firmwareNVD
Affected:< o1lkt46aFixed in:o1lkt46aCVE-2019-6156derived from NVD
aio 910-27ish firmwareNVD
Affected:< o37kt13aFixed in:o37kt13aCVE-2019-6156derived from NVD
ideacentre 510-15icb firmwareNVD
Affected:< o3qkt32aFixed in:o3qkt32aCVE-2019-6156derived from NVD
ideacentre 510a-15icb firmwareNVD
Affected:< o3qkt32aFixed in:o3qkt32aCVE-2019-6156derived from NVD
ideacentre 520s-23iku firmwareNVD
Affected:< o34kt23aFixed in:o34kt23aCVE-2019-6156derived from NVD
ideacentre 700 firmwareNVD
Affected:< fwkt9aaFixed in:fwkt9aaCVE-2019-6156derived from NVD
ideacentre 720-18icb firmwareNVD
Affected:< o3qkt32aFixed in:o3qkt32aCVE-2019-6156derived from NVD
ideacentre 730s-24ikb firmwareNVD
Affected:< o3wkt15aFixed in:o3wkt15aCVE-2019-6156derived from NVD
legion c530-19icb firmwareNVD
Affected:< o3lkt20aFixed in:o3lkt20aCVE-2019-6156derived from NVD
legion c730-19ico firmwareNVD
Affected:< o3nkt20aFixed in:o3nkt20aCVE-2019-6156derived from NVD
legion t530-28icb firmwareNVD
Affected:< o3lkt20aFixed in:o3lkt20aCVE-2019-6156derived from NVD
legion t730-28ico firmwareNVD
Affected:< o3nkt20aFixed in:o3nkt20aCVE-2019-6156derived from NVD
thinkcentre e93 \(sff\) firmwareNVD
Affected:< fbktd5aFixed in:fbktd5aCVE-2019-6156derived from NVD
thinkcentre e93 \(twr\) firmwareNVD
Affected:< fbktd5aFixed in:fbktd5aCVE-2019-6156derived from NVD
thinkcentre e95z firmwareNVD
Affected:< m1lkt20aFixed in:m1lkt20aCVE-2019-6156derived from NVD
thinkcentre e96z firmwareNVD
Affected:< m26kt11aFixed in:m26kt11aCVE-2019-6156derived from NVD
thinkcentre m610 firmwareNVD
Affected:< m1akt3faFixed in:m1akt3faCVE-2019-6156derived from NVD
thinkcentre m6500s firmwareNVD
Affected:< fbktd5aFixed in:fbktd5aCVE-2019-6156derived from NVD
thinkcentre m6500t firmwareNVD
Affected:< fbktd5aFixed in:fbktd5aCVE-2019-6156derived from NVD
thinkcentre m6600 firmwareNVD
Affected:< fwkt9aaFixed in:fwkt9aaCVE-2019-6156derived from NVD
thinkcentre m6600q firmwareNVD
Affected:< fwkt9aaFixed in:fwkt9aaCVE-2019-6156derived from NVD
thinkcentre m6600s firmwareNVD
Affected:< fwkt9aaFixed in:fwkt9aaCVE-2019-6156derived from NVD
thinkcentre m6600t firmwareNVD
Affected:< fwkt9aaFixed in:fwkt9aaCVE-2019-6156derived from NVD
thinkcentre m700q firmwareNVD
Affected:< fwkt9aaFixed in:fwkt9aaCVE-2019-6156derived from NVD
thinkcentre m710q firmwareNVD
Affected:< m1akt3faFixed in:m1akt3faCVE-2019-6156derived from NVD
thinkcentre m720q firmwareNVD
Affected:< m1ukt33aFixed in:m1ukt33aCVE-2019-6156derived from NVD
thinkcentre m720s firmwareNVD
Affected:< m1ukt33aFixed in:m1ukt33aCVE-2019-6156derived from NVD
thinkcentre m73p firmwareNVD
Affected:< fbktd5aFixed in:fbktd5aCVE-2019-6156derived from NVD
thinkcentre m800 firmwareNVD
Affected:< fwkt9aaFixed in:fwkt9aaCVE-2019-6156derived from NVD
thinkcentre m83 \(sff\) firmwareNVD
Affected:< fbktd5aFixed in:fbktd5aCVE-2019-6156derived from NVD
thinkcentre m83 \(tiny\) firmwareNVD
Affected:< fbktd5aFixed in:fbktd5aCVE-2019-6156derived from NVD
thinkcentre m83 \(twr\) firmwareNVD
Affected:< fbktd5aFixed in:fbktd5aCVE-2019-6156derived from NVD
thinkcentre m8500s firmwareNVD
Affected:< fbktd5aFixed in:fbktd5aCVE-2019-6156derived from NVD
thinkcentre m8500t firmwareNVD
Affected:< fbktd5aFixed in:fbktd5aCVE-2019-6156derived from NVD
thinkcentre m8600s firmwareNVD
Affected:< fwkt9aaFixed in:fwkt9aaCVE-2019-6156derived from NVD
thinkcentre m8600t firmwareNVD
Affected:< fwkt9aaFixed in:fwkt9aaCVE-2019-6156derived from NVD
thinkcentre m900 firmwareNVD
Affected:< fwkt9aaFixed in:fwkt9aaCVE-2019-6156derived from NVD
thinkcentre m910q firmwareNVD
Affected:< m1akt3faFixed in:m1akt3faCVE-2019-6156derived from NVD
thinkcentre m910s firmwareNVD
Affected:< m1akt3faFixed in:m1akt3faCVE-2019-6156derived from NVD
thinkcentre m910t firmwareNVD
Affected:< m1akt3faFixed in:m1akt3faCVE-2019-6156derived from NVD
thinkcentre m910x firmwareNVD
Affected:< m1akt3faFixed in:m1akt3faCVE-2019-6156derived from NVD
thinkcentre m920q firmwareNVD
Affected:< m1ukt33aFixed in:m1ukt33aCVE-2019-6156derived from NVD
thinkcentre m920s firmwareNVD
Affected:< m1ukt33aFixed in:m1ukt33aCVE-2019-6156derived from NVD
thinkcentre m920t firmwareNVD
Affected:< m1ukt33aFixed in:m1ukt33aCVE-2019-6156derived from NVD
thinkcentre m920x firmwareNVD
Affected:< m1ukt33aFixed in:m1ukt33aCVE-2019-6156derived from NVD
thinkcentre m93 firmwareNVD
Affected:< fbktd5aFixed in:fbktd5aCVE-2019-6156derived from NVD
thinkcentre m93p \(sff\) firmwareNVD
Affected:< fbktd5aFixed in:fbktd5aCVE-2019-6156derived from NVD
thinkcentre m93p \(twr\) firmwareNVD
Affected:< fbktd5aFixed in:fbktd5aCVE-2019-6156derived from NVD
thinkcentre m93p tiny firmwareNVD
Affected:< fbktd5aFixed in:fbktd5aCVE-2019-6156derived from NVD
thinkpad e480 firmwareNVD
Affected:< r0pet54wFixed in:r0pet54wCVE-2019-6156derived from NVD
thinkpad e560p firmwareNVD
Affected:< r09et70wFixed in:r09et70wCVE-2019-6156derived from NVD
thinkpad e570p firmwareNVD
Affected:< r0met46wFixed in:r0met46wCVE-2019-6156derived from NVD
thinkpad e580 firmwareNVD
Affected:< r0pet54wFixed in:r0pet54wCVE-2019-6156derived from NVD
thinkpad l480 firmwareNVD
Affected:< r0qet54wFixed in:r0qet54wCVE-2019-6156derived from NVD
thinkpad l580 firmwareNVD
Affected:< r0qet54wFixed in:r0qet54wCVE-2019-6156derived from NVD
thinkpad s5 firmwareNVD
Affected:< r09et70wFixed in:r09et70wCVE-2019-6156derived from NVD
thinkpad t460 firmwareNVD
Affected:< r06et66wFixed in:r06et66wCVE-2019-6156derived from NVD
thinkpad t460p firmwareNVD
Affected:< r07et88wFixed in:r07et88wCVE-2019-6156derived from NVD
thinkpad x260 firmwareNVD
Affected:< r02et70wFixed in:r02et70wCVE-2019-6156derived from NVD
thinkpad x380 yoga firmwareNVD
Affected:< r0set42wFixed in:r0set42wCVE-2019-6156derived from NVD
thinkstation e32 firmwareNVD
Affected:< fbktd5aFixed in:fbktd5aCVE-2019-6156derived from NVD
thinkstation p300 firmwareNVD
Affected:< fbktd5aFixed in:fbktd5aCVE-2019-6156derived from NVD
thinkstation p318 firmwareNVD
Affected:< m1akt3faFixed in:m1akt3faCVE-2019-6156derived from NVD
thinkstation p320 firmwareNVD
Affected:< s06kt40aFixed in:s06kt40aCVE-2019-6156derived from NVD
thinkstation p320 tiny firmwareNVD
Affected:< m1akt3faFixed in:m1akt3faCVE-2019-6156derived from NVD
thinkstation p330 firmwareNVD
Affected:< m1vkt34aFixed in:m1vkt34aCVE-2019-6156derived from NVD
thinkstation p330 tiny firmwareNVD
Affected:< m1ukt33aFixed in:m1ukt33aCVE-2019-6156derived from NVD
v310z\(yt s3150\) firmwareNVD
Affected:< m18kt25aFixed in:m18kt25aCVE-2019-6156derived from NVD
v410z\(yt s4250\) firmwareNVD
Affected:< m17kt41aFixed in:m17kt41aCVE-2019-6156derived from NVD
v510z \(yt s5250\) firmwareNVD
Affected:< m1dkt26aFixed in:m1dkt26aCVE-2019-6156derived from NVD
v530-22icb\(yt s4350\) firmwareNVD
Affected:< m20kt38aFixed in:m20kt38aCVE-2019-6156derived from NVD
v530-24icb\(yt s5350\) firmwareNVD
Affected:< m20kt38aFixed in:m20kt38aCVE-2019-6156derived from NVD
yangtian afq150 firmwareNVD
Affected:< fwkt9aaFixed in:fwkt9aaCVE-2019-6156derived from NVD
yta8900f firmwareNVD
Affected:< fwkt9aaFixed in:fwkt9aaCVE-2019-6156derived from NVD
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
CVSS v3 Vector
Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityNone
IntegrityLow
AvailabilityNone
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploit Intelligence
0.24%probability of exploitation in 30 days
15thpercentile
Low risk: more likely to be exploited than 15% of all known CVEs.
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.