CVE-2019-6170

A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.

Published: 2019-11-12 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2019-6170 is rated Low Risk (35.2/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.35%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2019-6170

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.07% 0.35% +0.28%
2 2025-05-25 0.04% 0.07% +0.03%
3 2023-03-07 0.04%

Full EPSS history (7 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2019-6170

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
6.4 3.1 MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:H)
Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:H)
They need powerful rights—admin, root, or similar—before this pays off.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
0.5 5.9 [email protected]
6.4 3.1 MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:H)
Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:H)
They need powerful rights—admin, root, or similar—before this pays off.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
0.5 5.9 [email protected]
4.4 2.0 MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
3.4 6.4 [email protected]

Weakness enumeration for CVE-2019-6170

Affected software / configurations for CVE-2019-6170

Vendor Product Version Raw CPE
lenovo 510-15ikl_firmware cpe:2.3:o:lenovo:510-15ikl_firmware:-:*:*:*:*:*:*:*
lenovo 510s-08ikl_firmware cpe:2.3:o:lenovo:510s-08ikl_firmware:-:*:*:*:*:*:*:*
lenovo ideacentre_300-20ish_firmware cpe:2.3:o:lenovo:ideacentre_300-20ish_firmware:-:*:*:*:*:*:*:*
lenovo ideacentre_300s-11ish_firmware cpe:2.3:o:lenovo:ideacentre_300s-11ish_firmware:-:*:*:*:*:*:*:*
lenovo ideacentre_310s-08asr_firmware cpe:2.3:o:lenovo:ideacentre_310s-08asr_firmware:-:*:*:*:*:*:*:*
lenovo ideacentre_310s-08igm_firmware cpe:2.3:o:lenovo:ideacentre_310s-08igm_firmware:-:*:*:*:*:*:*:*
lenovo ideacentre_510-15icb_firmware cpe:2.3:o:lenovo:ideacentre_510-15icb_firmware:-:*:*:*:*:*:*:*
lenovo ideacentre_510a-15icb_firmware cpe:2.3:o:lenovo:ideacentre_510a-15icb_firmware:-:*:*:*:*:*:*:*
lenovo ideacentre_510s-08ish_firmware cpe:2.3:o:lenovo:ideacentre_510s-08ish_firmware:-:*:*:*:*:*:*:*
lenovo ideacentre_700_firmware cpe:2.3:o:lenovo:ideacentre_700_firmware:-:*:*:*:*:*:*:*
lenovo ideacentre_720-18apr_firmware cpe:2.3:o:lenovo:ideacentre_720-18apr_firmware:-:*:*:*:*:*:*:*
lenovo ideacentre_720-18icb_firmware cpe:2.3:o:lenovo:ideacentre_720-18icb_firmware:-:*:*:*:*:*:*:*
lenovo legion_c530-19icb_firmware cpe:2.3:o:lenovo:legion_c530-19icb_firmware:-:*:*:*:*:*:*:*
lenovo legion_c730-19ico_firmware cpe:2.3:o:lenovo:legion_c730-19ico_firmware:-:*:*:*:*:*:*:*
lenovo legion_t530-28apr_firmware cpe:2.3:o:lenovo:legion_t530-28apr_firmware:-:*:*:*:*:*:*:*
lenovo legion_t530-28apr_reflash_firmware cpe:2.3:o:lenovo:legion_t530-28apr_reflash_firmware:-:*:*:*:*:*:*:*
lenovo legion_t530-28icb_firmware cpe:2.3:o:lenovo:legion_t530-28icb_firmware:-:*:*:*:*:*:*:*
lenovo legion_t530-28icb_reflash_firmware cpe:2.3:o:lenovo:legion_t530-28icb_reflash_firmware:-:*:*:*:*:*:*:*
lenovo legion_t730-28ico_firmware cpe:2.3:o:lenovo:legion_t730-28ico_firmware:-:*:*:*:*:*:*:*
lenovo legion_y520t_z370_firmware cpe:2.3:o:lenovo:legion_y520t_z370_firmware:-:*:*:*:*:*:*:*
lenovo 63_firmware cpe:2.3:o:lenovo:63_firmware:-:*:*:*:*:*:*:*
lenovo h50-30g_desktop_firmware cpe:2.3:o:lenovo:h50-30g_desktop_firmware:-:*:*:*:*:*:*:*
lenovo m4500_firmware cpe:2.3:o:lenovo:m4500_firmware:-:*:*:*:*:*:*:*
lenovo m4500_id_firmware cpe:2.3:o:lenovo:m4500_id_firmware:-:*:*:*:*:*:*:*
lenovo m4550_id_firmware cpe:2.3:o:lenovo:m4550_id_firmware:-:*:*:*:*:*:*:*
lenovo v330-15igm_firmware cpe:2.3:o:lenovo:v330-15igm_firmware:-:*:*:*:*:*:*:*
lenovo v530s-07icb_firmware cpe:2.3:o:lenovo:v530s-07icb_firmware:-:*:*:*:*:*:*:*
lenovo qitian_4500_firmware cpe:2.3:o:lenovo:qitian_4500_firmware:-:*:*:*:*:*:*:*
lenovo qitian_b4550_firmware cpe:2.3:o:lenovo:qitian_b4550_firmware:-:*:*:*:*:*:*:*
lenovo qitian_b4650_firmware cpe:2.3:o:lenovo:qitian_b4650_firmware:-:*:*:*:*:*:*:*
lenovo qitian_b5900_firmware cpe:2.3:o:lenovo:qitian_b5900_firmware:-:*:*:*:*:*:*:*
lenovo qitian_m4550_firmware cpe:2.3:o:lenovo:qitian_m4550_firmware:-:*:*:*:*:*:*:*
lenovo qitian_m4600_firmware cpe:2.3:o:lenovo:qitian_m4600_firmware:-:*:*:*:*:*:*:*
lenovo qitian_m4650_firmware cpe:2.3:o:lenovo:qitian_m4650_firmware:-:*:*:*:*:*:*:*
lenovo qt_m410_firmware cpe:2.3:o:lenovo:qt_m410_firmware:-:*:*:*:*:*:*:*
lenovo qt_b415_firmware cpe:2.3:o:lenovo:qt_b415_firmware:-:*:*:*:*:*:*:*
lenovo qt_m415_firmware cpe:2.3:o:lenovo:qt_m415_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_e73_firmware cpe:2.3:o:lenovo:thinkcentre_e73_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_e73s_firmware cpe:2.3:o:lenovo:thinkcentre_e73s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_e74_firmware cpe:2.3:o:lenovo:thinkcentre_e74_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_e74s_firmware cpe:2.3:o:lenovo:thinkcentre_e74s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_e75t_firmware cpe:2.3:o:lenovo:thinkcentre_e75t_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_e75s_firmware cpe:2.3:o:lenovo:thinkcentre_e75s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_e93_firmware cpe:2.3:o:lenovo:thinkcentre_e93_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m4500k_firmware cpe:2.3:o:lenovo:thinkcentre_m4500k_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m4500q_firmware cpe:2.3:o:lenovo:thinkcentre_m4500q_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m4500t_firmware cpe:2.3:o:lenovo:thinkcentre_m4500t_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m4500s_firmware cpe:2.3:o:lenovo:thinkcentre_m4500s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m4600t_firmware cpe:2.3:o:lenovo:thinkcentre_m4600t_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m4600s_firmware cpe:2.3:o:lenovo:thinkcentre_m4600s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m600_firmware cpe:2.3:o:lenovo:thinkcentre_m600_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m610_firmware cpe:2.3:o:lenovo:thinkcentre_m610_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m625q_firmware cpe:2.3:o:lenovo:thinkcentre_m625q_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m6500t_firmware cpe:2.3:o:lenovo:thinkcentre_m6500t_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m6500s_firmware cpe:2.3:o:lenovo:thinkcentre_m6500s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m6600_firmware cpe:2.3:o:lenovo:thinkcentre_m6600_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m6600q_firmware cpe:2.3:o:lenovo:thinkcentre_m6600q_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m6600t_firmware cpe:2.3:o:lenovo:thinkcentre_m6600t_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m6600s_firmware cpe:2.3:o:lenovo:thinkcentre_m6600s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m700q_firmware cpe:2.3:o:lenovo:thinkcentre_m700q_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m700t_firmware cpe:2.3:o:lenovo:thinkcentre_m700t_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m700s_firmware cpe:2.3:o:lenovo:thinkcentre_m700s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m710e_firmware cpe:2.3:o:lenovo:thinkcentre_m710e_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m710q_firmware cpe:2.3:o:lenovo:thinkcentre_m710q_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m710t_firmware cpe:2.3:o:lenovo:thinkcentre_m710t_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m710s_firmware cpe:2.3:o:lenovo:thinkcentre_m710s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m715q_firmware cpe:2.3:o:lenovo:thinkcentre_m715q_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m715q_rr_firmware cpe:2.3:o:lenovo:thinkcentre_m715q_rr_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m715t_firmware cpe:2.3:o:lenovo:thinkcentre_m715t_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m715s_firmware cpe:2.3:o:lenovo:thinkcentre_m715s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m720q_firmware cpe:2.3:o:lenovo:thinkcentre_m720q_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m720t_firmware cpe:2.3:o:lenovo:thinkcentre_m720t_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m720s_firmware cpe:2.3:o:lenovo:thinkcentre_m720s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m725s_firmware cpe:2.3:o:lenovo:thinkcentre_m725s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m73_firmware cpe:2.3:o:lenovo:thinkcentre_m73_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m73_tiny_firmware cpe:2.3:o:lenovo:thinkcentre_m73_tiny_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m73p_firmware cpe:2.3:o:lenovo:thinkcentre_m73p_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m79_firmware cpe:2.3:o:lenovo:thinkcentre_m79_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m800_firmware cpe:2.3:o:lenovo:thinkcentre_m800_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m83_firmware cpe:2.3:o:lenovo:thinkcentre_m83_firmware:-:*:*:*:*:*:*:*

References for CVE-2019-6170

cvelogic Threat Intelligence