Back to search
CVE-2019-8372
Published: Feb 18, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://twitter.com/Jackson_T/status/1097353402034475009
x_refsource_MISC
http://www.jackson-t.ca/lg-driver-lpe.html
x_refsource_MISC
https://lgsecurity.lge.com/security_updates.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now