Lenovo Security Advisory: LEN-27764
Potential Impact: Privilege escalation
Severity: Medium
Scope of Impact: Lenovo-specific
CVE Identifier: CVE-2019-6171
Summary Description:
A vulnerability was reported in older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update to the version of BIOS (or later) described for your system in the product impact section.