CVE-2019-8372
HIGH
LG LHA.sys < 1.1.1811.2101 - Privilege Escalation via IOCTL Requests
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.
References (3)
Core References
Third Party Advisory x_refsource_misc
https://twitter.com/Jackson_T/status/1097353402034475009
Exploit, Third Party Advisory x_refsource_misc
http://www.jackson-t.ca/lg-driver-lpe.html
Vendor Advisory x_refsource_misc
https://lgsecurity.lge.com/security_updates.html
Scores
CVSS v3: 7.0
EPSS: 0.0054
EPSS Percentile: 40.9%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-59
Status: published
Products (1): lg/lha.sys < 1.1.1811.2101
Published: Feb 18, 2019
Tracked Since: Feb 18, 2026