CVE-2019-6188
📋 TL;DR
A vulnerability in the BIOS of the Lenovo ThinkPad T460p and T470p means the firmware's tamper detection mechanism is not triggered when it should be, so a modification of the BIOS firmware can go undetected. An attacker who is able to modify the firmware could use this to establish persistence on the affected laptop. Only systems running a BIOS older than the fixed builds listed under Fix & Mitigation are affected.
💻 Affected Systems
- Lenovo ThinkPad T460p
- Lenovo ThinkPad T470p
📦 What is this software?
The system BIOS firmware that Lenovo ships for the ThinkPad T460p and T470p laptops. It runs before the operating system loads, so code that persists there survives OS reinstalls and is outside the reach of OS-level security controls. Lenovo distributes fixes for it as BIOS update packages from its support site.
⚠️ Risk & Real-World Impact
Worst Case
An attacker gains persistent, rootkit-level access in the BIOS, giving malware persistence that survives OS reinstalls, full compromise of the system, and a position below the operating system from which OS-level security controls can be bypassed.
Likely Case
Targeted attacks against specific organizations to establish persistent foothold on compromised laptops, potentially leading to data exfiltration or credential theft.
If Mitigated
With physical security controls and BIOS updates, risk reduces to minimal, though legacy systems remain vulnerable.
🎯 Exploit Status
Exploitation requires administrative/BIOS-level access or physical access to the device.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: T460p: R07ET91W or later; T470p: R0FET51W or later
Vendor Advisory: https://support.lenovo.com/us/en/product_security/LEN-27714
Restart Required: Yes
Instructions:
1. Download the BIOS update for your model from the Lenovo support site.
2. Run the update executable as administrator.
3. Follow the on-screen prompts.
4. The system restarts automatically to complete the installation.
🔧 Temporary Workarounds
Physical Security Controls
Restrict physical access to the devices to prevent BIOS tampering.
BIOS Password Protection
Enable a BIOS supervisor password to restrict unauthorized changes to BIOS settings and updates.
🧯 If You Can't Patch
- Implement strict physical security controls for vulnerable devices
- Monitor for unauthorized BIOS modification attempts and maintain device integrity logs
🔍 How to Verify
Check if Vulnerable:
Read the BIOS version from the firmware setup screen, from Lenovo Vantage, or with the commands below, and compare it against the vulnerable builds: T460p R07ET90W or earlier, T470p R0FET50W or earlier. Note that the version string is reported by the firmware itself; this is a patch-compliance check, not proof that the firmware is unmodified.
Check Version:
Windows: wmic bios get smbiosbiosversion (or, on systems where wmic has been removed, Get-CimInstance Win32_BIOS | Select-Object SMBIOSBIOSVersion in PowerShell); Linux: sudo dmidecode -s bios-version, or cat /sys/class/dmi/id/bios_version, which needs no root.
Verify Fix Applied:
Verify that the reported BIOS version is T460p R07ET91W or later, or T470p R0FET51W or later.
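The version check above, as an added example script that is not part of Lenovo's advisory or tooling. It reads the BIOS version from sysfs or dmidecode on Linux and classifies it against the fixed builds for this CVE. The parsing of the Lenovo version string (five-character family prefix, two-digit build, trailing W, optional parenthetical) is an assumption drawn from the version formats quoted on this page; the sample strings in the usage section are constructed.

```shell
#!/bin/sh
# Added example: classify a Lenovo ThinkPad BIOS version string against the
# fixed builds for CVE-2019-6188. Not vendor code. Assumes version strings of
# the form FAMILYnnW, e.g. "R07ET91W (1.49 )" (parenthetical is constructed).

# Print the five-character family prefix ("R07ET") or nothing on no match.
bios_family() {
    printf '%s\n' "$1" | sed -n 's/^\([A-Z0-9]\{5\}\)[0-9]\{2\}W.*/\1/p'
}

# Print the two-digit build number ("91") or nothing on no match.
bios_build() {
    printf '%s\n' "$1" | sed -n 's/^[A-Z0-9]\{5\}\([0-9]\{2\}\)W.*/\1/p'
}

# bios_status VERSION -> prints fixed | vulnerable | unknown
# Exit status: 0 fixed, 1 vulnerable, 2 unknown family or unparsable string.
bios_status() {
    ver=$1
    fam=$(bios_family "$ver")
    build=$(bios_build "$ver")
    case "$fam" in
        R07ET) min=91 ;;   # ThinkPad T460p: fixed in R07ET91W
        R0FET) min=51 ;;   # ThinkPad T470p: fixed in R0FET51W
        *) echo unknown; return 2 ;;
    esac
    if [ -z "$build" ]; then
        echo unknown; return 2
    fi
    if [ "$build" -ge "$min" ]; then
        echo fixed; return 0
    fi
    echo vulnerable; return 1
}

# Read the live version on Linux: sysfs needs no root, dmidecode does.
current_bios_version() {
    if [ -r /sys/class/dmi/id/bios_version ]; then
        cat /sys/class/dmi/id/bios_version
    elif command -v dmidecode >/dev/null 2>&1; then
        dmidecode -s bios-version 2>/dev/null
    fi
}

# Usage: with no argument, check this machine; otherwise check the given
# string (constructed samples: 'R07ET90W (1.48 )' is vulnerable,
# 'R0FET51W (1.24 )' is fixed).
if [ "${1-}" ]; then
    ver=$1
else
    ver=$(current_bios_version)
fi
if [ -n "$ver" ]; then
    printf '%s: %s\n' "$ver" "$(bios_status "$ver")"
fi
```

The exit status makes the script usable from a configuration-management or inventory job: anything other than 0 should be ticketed, and "unknown" means the family prefix is not one of the two models this advisory covers, not that the host is safe.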
📡 Detection & Monitoring
Log Indicators:
- A change in the BIOS version reported by a host between inventory snapshots that was not scheduled, and in particular a downgrade to an older build
- Unexpected restarts accompanied by BIOS update prompts, or execution of a BIOS update utility outside a change window
Network Indicators:
- BIOS update packages downloaded from sources other than Lenovo's support site or your internal distribution point
SIEM Query:
Windows System log, provider Microsoft-Windows-Kernel-General, Event ID 12 (operating system started) or 13 (operating system shutting down), correlated with process-creation events for BIOS update utilities on the same host within the preceding minutes.
Caveat: because this vulnerability is precisely a failure of the firmware's own tamper detection, host-level logs cannot confirm that the BIOS is intact. A firmware implant controls the version string it reports and runs below the OS that writes those logs, so treat these indicators as triggers for out-of-band verification, not as proof either way.
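The "device integrity logs" mentioned under If You Can't Patch and the version-change indicator above, as an added example that is not part of this advisory: a script that walks an inventory log of BIOS versions per host and reports every change, labelling downgrades separately because a re-flash to an older build is the case an attacker is most likely to produce. The log format (date, hostname, version, one line per collection run) and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect BIOS version drift across inventory snapshots.
# Not vendor code. Assumes a log with lines "YYYY-MM-DD host VERSION",
# ordered by date, where VERSION is a Lenovo string such as R07ET91W.

# Constructed sample log: two laptops over three weekly collection runs.
# lt-0142 is patched on 03-08 (expected); lt-0157 goes backwards on 03-15.
SAMPLE_LOG='2019-03-01 lt-0142 R07ET90W
2019-03-01 lt-0157 R0FET50W
2019-03-08 lt-0142 R07ET91W
2019-03-08 lt-0157 R0FET50W
2019-03-15 lt-0142 R07ET91W
2019-03-15 lt-0157 R0FET47W'

# bios_version_changes: read log lines on stdin, print one line per change:
#   DATE HOST OLD NEW KIND     where KIND is upgrade | downgrade | changed
# "changed" covers a switch between families, where build numbers are not
# comparable (e.g. an inventory error or a mislabelled host).
bios_version_changes() {
    awk '
    function build(v) { return substr(v, 6, 2) + 0 }   # two-digit build
    function family(v) { return substr(v, 1, 5) }      # five-char prefix
    {
        host = $2; ver = $3
        if ((host in last) && last[host] != ver) {
            old = last[host]
            if (family(old) != family(ver))      kind = "changed"
            else if (build(ver) > build(old))    kind = "upgrade"
            else                                 kind = "downgrade"
            print $1, host, old, ver, kind
        }
        last[host] = ver
    }'
}

# Usage: pipe a real inventory log into bios_version_changes; here the
# constructed sample is used, and downgrades are listed first.
printf '%s\n' "$SAMPLE_LOG" | bios_version_changes | grep 'downgrade$'
printf '%s\n' "$SAMPLE_LOG" | bios_version_changes | grep -v 'downgrade$'
```

Run the collection step with the version check script from How to Verify or with dmidecode, append one line per host per run, and feed the accumulated file to this function from a scheduled job. An upgrade that coincides with a change ticket is expected; any downgrade, or an upgrade with no corresponding ticket, is the event to investigate.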