CVE-2015-2234

CWE-362Race Condition3 documents3 sources
Severity
6.9MEDIUM
EPSS
0.0%
top 92.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Lenovo System Update
Timeline
PublishedMay 12
Latest updateMay 17

Description

Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

NVDlenovo/system_update5.06.0027

🔴Vulnerability Details

2
GHSA
GHSA-8frw-6498-cgq3: Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 52022-05-17
CVEList
CVE-2015-2234: Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 52015-05-12
CVE-2015-2234 (MEDIUM CVSS 6.9) | Race condition in Lenovo System Upd | cvebase.io