CVE-2019-8372

Sažetak

The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.

Reference

http://www.jackson-t.ca/lg-driver-lpe.html
https://lgsecurity.lge.com/security_updates.html
https://twitter.com/Jackson_T/status/1097353402034475009

CVSS

Base:	6.9
Impact:	10.0
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

26-02-2019 - 13:59

Objavljeno

18-02-2019 - 15:29