NVD Vulnerability Detail

CVE-2019-8372

Summary	The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.
Publication Date	Feb. 19, 2019, 12:29 a.m.
Registration Date	Jan. 26, 2021, 11:44 a.m.
Last Update	Nov. 21, 2024, 1:49 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:lg:lha.sys::::::::					1.1.1811.2101

Related information, measures and tools

No	URL	タグ
1	http://www.jackson-t.ca/lg-driver-lpe.html	Exploit Third Party Advisory
2	https://lgsecurity.lge.com/security_updates.html	Vendor Advisory
3	https://twitter.com/Jackson_T/status/1097353402034475009	Third Party Advisory
4	http://www.jackson-t.ca/lg-driver-lpe.html	Exploit Third Party Advisory
5	https://twitter.com/Jackson_T/status/1097353402034475009	Third Party Advisory
6	https://lgsecurity.lge.com/security_updates.html	Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-59	リンク解釈の問題	https://cwe.mitre.org/data/definitions/59.html

JVN Vulnerability Information

LHA sys ドライバにおけるリンク解釈に関する脆弱性

Title	LHA sys ドライバにおけるリンク解釈に関する脆弱性
Summary	LHA sys ドライバには、リンク解釈に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Feb. 17, 2019, midnight
Registration Date	April 2, 2019, 2:59 p.m.
Last Update	April 2, 2019, 2:59 p.m.

Affected System

LG Electronics

LHA sys ドライバ 1.1.1811.2101

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2019-8372	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8372
2	CVE-2019-8372	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8372
National Vulnerability Database (NVD)
3	CVE-2019-8372	https://nvd.nist.gov/vuln/detail/CVE-2019-8372
4	CVE-2019-8372	https://nvd.nist.gov/vuln/detail/CVE-2019-8372
関連文書
5	CVE-2019-8372: Local Privilege Elevation in LG Kernel Driver	http://www.jackson-t.ca/lg-driver-lpe.html
6	CVE-2019-8372: Local Privilege Elevation in LG Kernel Driver	http://www.jackson-t.ca/lg-driver-lpe.html

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-59	https://jvndb.jvn.jp/ja/cwe/CWE-59.html
2	CWE-59	https://jvndb.jvn.jp/ja/cwe/CWE-59.html

ベンダー情報

Change Log

No	Changed Details	Date of change
1	[2019年04月02日] 掲載	April 2, 2019, 2:59 p.m.