CVE-2019-8372
First published: Mon Feb 18 2019(Updated: )
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lg Lha.sys | <1.1.1811.2101 | |
| <1.1.1811.2101 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-8372?
CVE-2019-8372 is a vulnerability in the LHA.sys driver in LG Device Manager that allows low-privileged users to read and write arbitrary physical memory and elevate system privileges.
How does CVE-2019-8372 occur?
CVE-2019-8372 occurs because the LHA.sys driver in LG Device Manager exposes functionality that allows low-privileged users to exploit it via specially crafted IOCTL requests.
What is the severity of CVE-2019-8372?
CVE-2019-8372 has a severity level of high.
Which software is affected by CVE-2019-8372?
The affected software is LG Device Manager with LHA.sys driver version 1.1.1811.2101.
How can CVE-2019-8372 be fixed?
To fix CVE-2019-8372, users should apply the latest security updates provided by LG.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/lg
- canonical/lg lha.sys