Lenovo Power Management Driver Vulnerability - Lenovo Support US

Lenovo Security Advisory: LEN-29334

Potential Impact: Denial of Service

Severity: Medium

Scope of Impact: Lenovo-specific

CVE Identifier: CVE-2019-6192

Summary Description:

A potential vulnerability has been reported in the Lenovo Power Management Driver which could lead to a denial of service.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update to Lenovo Power Management driver version 1.67.17.48 or higher for the following models:

                   ThinkPad 13 Gen 2        (Machine types: 20J1, 20J2)
                   ThinkPad 25
                   ThinkPad A275, A285, A475, A485
                   ThinkPad E14             (Machine types: 20RA, 20RB)
                   ThinkPad E15             (Machine types: 20RD, 20RE)
                   ThinkPad E470, E470c, E475, E480, E490, E495
                   ThinkPad E570, E570c, E575, E580, E590, E595
                   ThinkPad L13             (Machine types: 20R3, 20R4)
                   ThinkPad L13 Yoga        (Machine types: 20R5, 20R6)
                   ThinkPad L380            (Machine types: 20M5, 20M6)
                   ThinkPad L380 Yoga       (Machine types: 20M7, 20M8)
                   ThinkPad L390            (Machine types: 20NR, 20NS)
                   ThinkPad L390 Yoga       (Machine types: 20NT, 20NU)
                   ThinkPad L470, L480, L490
                   ThinkPad L570, L580, L590
                   ThinkPad P1              (Machine types: 20MD, 20ME)
                   ThinkPad P1 Gen 2        (Machine types: 20QT, 20QU)
                   ThinkPad P43s            (Machine types: 20RH, 20RJ)
                   ThinkPad P51, P51s, P52, P53, P52s, P53s
                   ThinkPad P71, P72
                   ThinkPad P73             (Machine types: 20QR, 20QS)
                   ThinkPad R14             (Machine types: 20RC)
                   ThinkPad R480
                   ThinkPad S1 Gen 4        (Machine types: 20LK, 20LL)
                   ThinkPad S2 Gen 2        (Machine types: 20J3)
                   ThinkPad S2 Gen 5        (Machine types: 20R7)
                   ThinkPad S2 Yoga Gen 5   (Machine types: 20R8)
                   ThinkPad S3 Gen 2        (Machine types: 20RG)
                   ThinkPad S5 Gen 2        (Machine types: 20JA)
                   ThinkPad T470, T470p, T470s
                   ThinkPad T480            (Machine types: 20L5, 20L6)
                   ThinkPad T480s           (Machine types: 20L7, 20L8)
                   ThinkPad T490            (Machine types: 20N2,20N3,20Q9,20QH,20RY,20RX)
                   ThinkPad T490s           (Machine types: 20NX, 20NY)
                   ThinkPad T495            (Machine types: 20NJ, 20NK)
                   ThinkPad T570            (Machine types: 20H9, 20HA)
                   ThinkPad T580            (Machine types: 20L9, 20LA)
                   ThinkPad T590            (Machine types: 20N4, 20N5)
                   ThinkPad X1 Carbon Gen 5 (Machine types: 20HQ,20HR,20K3,20K4)
                   ThinkPad X1 Carbon Gen 6 (Machine types: 20KH, 20KG)
                   ThinkPad X1 Carbon Gen 7 (Machine types: 20QD, 20QE, 20R1, 20R2)
                   ThinkPad X1 Tablet Gen 2 (Machine types: 20JB, 20JC)
                   ThinkPad X1 Tablet Gen 3 (Machine types: 20KJ, 20KK)
                   ThinkPad X1 Yoga Gen 2   (Machine types: 20JD,20JE,20JF,20JG)
                   ThinkPad X1 Yoga Gen 3   (Machine types: 20LD,20LE,20LF,20LG)
                   ThinkPad X1 Yoga Gen 4   (Machine types: 20QF, 20QG, 20SA ,20SB)
                   ThinkPad X1 Extreme      (Machine types: 20MF, 20MG)
                   ThinkPad X1 Extreme 2nd  (Machine types: 20QV, 20QW)
                   ThinkPad X270            (Machine types: 20HM, 20HN)
                   ThinkPad X280            (Machine types: 20KE, 20KF)
                   ThinkPad X380 Yoga       (Machine types: 20LH, 20LJ)
                   ThinkPad X390            (Machine types: 20Q0, 20Q1)
                   ThinkPad X390 Yoga       (Machine types: 20NN, 20NQ)
                   ThinkPad X395            (Machine types: 20NL, 20NM)
                   ThinkPad Yoga 370        (Machine types: 20JH, 20JJ)

Update to Lenovo Power Management driver version 1.67.16.42 or higher for the following models:

• ThinkPad 8
• ThinkPad 10 Gen 1 (Machine types: 20C1, 20C3)
• ThinkPad 10 Gen 2 (Machine types: 20E3, 20E4)
• ThinkPad 11e Gen 1 (Machine types: 20D9, 20DA)
• ThinkPad 11e Gen 2 (Machine types: 20E6, 20E8, 20ED, 20EE)
• ThinkPad 11e Gen 3 (Machine types: 20G9, 20GB)
• ThinkPad 11e Gen 4 (Machine types: 20HT, 20HV)
• ThinkPad 13 Gen 1(Machine types: 20GJ, 20GK)
• ThinkPad E450, E450c, E455, E460, E465
• ThinkPad E550, E550c, E555, E560, E560p, E565
• ThinkPad Edge E130, E135, E145
• ThinkPad Edge E330, E335
• ThinkPad Edge E430, E430c, E431, E435, E440, E445
• ThinkPad Edge E530, E530c, E531, E535, E540, E545
• ThinkPad Edge S430
• ThinkPad Helix (Machine types: 369x, 370x)
• ThinkPad Helix 2nd Gen (Machine types: 20CG, 20CH)
• ThinkPad L330
• ThinkPad L430, L440, L450, L460
• ThinkPad L530, L540, L560
• ThinkPad P40 Yoga
• ThinkPad P50, P50s
• ThinkPad P70
• ThinkPad S531, S540
• ThinkPad T430, T430i, T430s, T430si, T430u, T431s, T440,
• T440p, T440s
• ThinkPad T450, T450s, T460, T460p, T460s
• ThinkPad T530, T530i, T540p, T550, T560
• ThinkPad Twist S230u
• ThinkPad W530, W540, W541, W550s
• ThinkPad X1 Carbon Gen 1 (Machine types: 34xx)
• ThinkPad X1 Carbon Gen 2 (Machine types: 20A7, 20A8)
• ThinkPad X1 Carbon Gen 3 (Machine types: 20BS, 20BT)
• ThinkPad X1 Carbon Gen 4 (Machine types: 20FB, 20FC)
• ThinkPad X1 Tablet Gen 1 (Machine types: 20GG, 20GH)
• ThinkPad X1 Yoga Gen 1 (Machine types: 20FQ, 20FR)
• ThinkPad X230, X230 Tablet, X230i, X230i Tablet, X230s
• ThinkPad X240, X240s, X250, X260
• ThinkPad Yoga 11e Gen 1 (Machine types: 20D9, 20DA)
• ThinkPad Yoga 11e Gen 2 (Machine types: 20E5, 20E7)
• ThinkPad Yoga 11e Gen 3 (Machine types: 20G8, 20GA)
• ThinkPad Yoga 11e Gen 4 (Machine types: 20HS, 20HU)
• ThinkPad Yoga 14
• ThinkPad Yoga 260
• ThinkPad Yoga 460
• Lenovo B4400, B4400s, B4450s
• Lenovo E4430
• Lenovo K29, K49
• Lenovo K2450, K4350, K4450
• Lenovo M4400, M4400s, M4450
• Lenovo Tablet 10
• Lenovo V4400, V4400u

References:

Lenovo thanks Nassim Asrir for reporting this issue.

Revision History:

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.