CVE-2019-8372

The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
lglha.sys
𝑥
< 1.1.1811.2101
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.jackson-t.ca/lg-driver-lpe.html
https://lgsecurity.lge.com/security_updates.html
https://twitter.com/Jackson_T/status/1097353402034475009
http://www.jackson-t.ca/lg-driver-lpe.html
https://lgsecurity.lge.com/security_updates.html
https://twitter.com/Jackson_T/status/1097353402034475009