CVE Daily

CVE-2019-6170

A potential vulnerability in the SMI callback function used in the Legacy USB dr...

Medium CVSS 6.4

Overview

A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.

CWE: N/A Published: 2019-11-12T21:15:12.097
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.4 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags