CVE-2019-8372
Summary
| CVE | CVE-2019-8372 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-02-18 15:29:00 UTC |
| Updated | 2019-02-26 13:59:00 UTC |
| Description | The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL. |
Risk And Classification
Problem Types: CWE-59
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| LG Security Bulletins | MISC | lgsecurity.lge.com | Vendor Advisory |
| CVE-2019-8372: Local Privilege Elevation in LG Kernel Driver - @Jackson_T | MISC | www.jackson-t.ca | Exploit, Third Party Advisory |
| Jackson T. na Twitterze: "CVE-2019-8372: Local Privilege Elevation in LG Device Manager. This post details a driver-based LPE with an in-depth tutorial on discovery to root and details on two new tools. https://t.co/9jO6FDbeIH… https://t.co/QdBH2MuYRf" | MISC | twitter.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.