Описание
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.
Ссылки
- ExploitThird Party Advisory
- Vendor Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.1811.2101 (исключая)
cpe:2.3:a:lg:lha.sys:*:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.00184
Низкий
7 High
CVSS3
6.9 Medium
CVSS2
Дефекты
CWE-59
Связанные уязвимости
CVSS3: 7
github
больше 3 лет назад
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.
EPSS
Процентиль: 40%
0.00184
Низкий
7 High
CVSS3
6.9 Medium
CVSS2
Дефекты
CWE-59