Multi-Vendor Desktop & WorkStation BIOS Security Vulnerabilities - Lenovo Support US

Lenovo Security Advisory: LEN-28078

**Potential Impact:**Escalation of Privilege, Denial of Service, Information Disclosure

Severity: High

Scope of Impact: Industry-wide

**CVE Identifier:**CVE-2019-6190

Summary Description:

When possible, Lenovo consolidates multiple BIOS security fixes and enhancements into as few updates as possible. The following list of vulnerabilities were reported by suppliers and researchers or were found during our regular internal testing. The vulnerabilities reported below only affect Lenovo Desktop, ThinkCentre, and ThinkStation products.

AMI:

Due to AMI security enhancements, Lenovo has updated BIOS for the applicable products listed in the Product Impact section below.

Lenovo:

CVE-2019-6190: Lenovo was notified of a potential denial of service vulnerability that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update system firmware to the version (or newer) indicated for your model in the Product Impact section below.

Product Impact: