CVE-2019-8372

high

Description

The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.

References

https://twitter.com/Jackson_T/status/1097353402034475009

https://lgsecurity.lge.com/security_updates.html

http://www.jackson-t.ca/lg-driver-lpe.html

Details

Source: Mitre, NVD

Published: 2019-02-18

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00199