CVE-2019-10724

3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 47.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo 330-14ikbr Firmware Lenovo 330-15ikbr Firmware Lenovo 330-15ikbr Touch Firmware +44 more

Timeline

PublishedAug 29

Latest updateMay 24

Description

There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520T_Z370 6.0.1.8642, AIO310-20IAP 6.0.1.8642, AIO510-22ISH 6.0.1.8642, AIO510-23ISH 6.0.1.8642, AIO520-22IKL 6.0.1.8642, AIO520-22IKU 6.0.1.8642, AIO520-24IKL 6.0.1.8642, AIO520-24IKU 6.0.1.8642, AIO520-27IKL 6.0.1.8642, AIO720-24IKB 6.0.1.8642, IdeaCentre 520S-23IKU 6.0…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages47 packages

▶NVDlenovo/thinkpad_x1_yoga_firmware< 8.66.62.92

▶NVDlenovo/thinkpad_yoga_s1_firmware< 8.66.62.92

▶NVDlenovo/thinkpad_yoga_260_firmware< 8.66.62.92

▶NVDlenovo/thinkpad_x1_yoga_3rd_firmware< 6.0.1.8642

▶NVDlenovo/thinkpad_x1_carbon_firmware< 8.66.76.72

🔴Vulnerability Details

GHSA

GHSA-ffjr-qvmv-p6h7: There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at↗2022-05-24

▶

CVEList

CVE-2019-10724: There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at↗2019-08-28

▶