Search criteria
2 vulnerabilities found for lha.sys by lg
CVE-2019-8372 (GCVE-0-2019-8372)
Vulnerability from nvd – Published: 2019-02-18 15:00 – Updated: 2024-08-04 21:17
VLAI?
Summary
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://twitter.com/Jackson_T/status/109735340203… | x_refsource_MISC |
| http://www.jackson-t.ca/lg-driver-lpe.html | x_refsource_MISC |
| https://lgsecurity.lge.com/security_updates.html | x_refsource_MISC |
Date Public ?
2019-02-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/Jackson_T/status/1097353402034475009"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.jackson-t.ca/lg-driver-lpe.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lgsecurity.lge.com/security_updates.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/Jackson_T/status/1097353402034475009"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.jackson-t.ca/lg-driver-lpe.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lgsecurity.lge.com/security_updates.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/Jackson_T/status/1097353402034475009",
"refsource": "MISC",
"url": "https://twitter.com/Jackson_T/status/1097353402034475009"
},
{
"name": "http://www.jackson-t.ca/lg-driver-lpe.html",
"refsource": "MISC",
"url": "http://www.jackson-t.ca/lg-driver-lpe.html"
},
{
"name": "https://lgsecurity.lge.com/security_updates.html",
"refsource": "MISC",
"url": "https://lgsecurity.lge.com/security_updates.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-8372",
"datePublished": "2019-02-18T15:00:00.000Z",
"dateReserved": "2019-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:17:31.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8372 (GCVE-0-2019-8372)
Vulnerability from cvelistv5 – Published: 2019-02-18 15:00 – Updated: 2024-08-04 21:17
VLAI?
Summary
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://twitter.com/Jackson_T/status/109735340203… | x_refsource_MISC |
| http://www.jackson-t.ca/lg-driver-lpe.html | x_refsource_MISC |
| https://lgsecurity.lge.com/security_updates.html | x_refsource_MISC |
Date Public ?
2019-02-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/Jackson_T/status/1097353402034475009"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.jackson-t.ca/lg-driver-lpe.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lgsecurity.lge.com/security_updates.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/Jackson_T/status/1097353402034475009"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.jackson-t.ca/lg-driver-lpe.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lgsecurity.lge.com/security_updates.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/Jackson_T/status/1097353402034475009",
"refsource": "MISC",
"url": "https://twitter.com/Jackson_T/status/1097353402034475009"
},
{
"name": "http://www.jackson-t.ca/lg-driver-lpe.html",
"refsource": "MISC",
"url": "http://www.jackson-t.ca/lg-driver-lpe.html"
},
{
"name": "https://lgsecurity.lge.com/security_updates.html",
"refsource": "MISC",
"url": "https://lgsecurity.lge.com/security_updates.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-8372",
"datePublished": "2019-02-18T15:00:00.000Z",
"dateReserved": "2019-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:17:31.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}