CVE-2019-10724 Information
Description
There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520T_Z370 6.0.1.8642 AIO310-20IAP 6.0.1.8642 AIO510-22ISH 6.0.1.8642 AIO510-23ISH 6.0.1.8642 AIO520-22IKL 6.0.1.8642 AIO520-22IKU 6.0.1.8642 AIO520-24IKL 6.0.1.8642 AIO520-24IKU 6.0.1.8642 AIO520-27IKL 6.0.1.8642 AIO720-24IKB 6.0.1.8642 IdeaCentre 520S-23IKU 6.0.1.8642 ThinkCentre M700z 6.0.1.8642 ThinkCentre M800z 6.0.1.8642 ThinkCentre M810z 6.0.1.8642 ThinkCentre M818z 6.0.1.8642 ThinkCentre M900Z 6.0.1.8642 ThinkCentre M910z 6.0.1.8642 V410z(YT S4250) 6.0.1.8642 330-14IKBR Win10:6.0.1.8652 330-15IKBR Win10:6.0.1.8652 330-15IKBR (Brazil) Win10:6.0.1.8652 330-15IKBR Touch Win10:6.0.1.8652 330-17IKBR Win10:6.0.1.8652 YOGA 730-13IKB Win10:6.0.1.8644 YOGA 730-15IKB Win10:6.0.1.8644 ThinkPad L560 6.0.1.8644 and 6.0.1.8652 ThinkPad L570 6.0.1.8644 and 6.0.1.8652 ThinkPad P50 6.0.1.8642 ThinkPad P50s 6.0.1.8642 ThinkPad P51s (20Jx 20Kx) 6.0.1.8642 ThinkPad P51s (20Hx) 6.0.1.8642 ThinkPad P52s 6.0.1.8642 ThinkPad P70 6.0.1.8642 ThinkPad T25 6.0.1.8642 ThinkPad T460s 6.0.1.8642 ThinkPad T470 6.0.1.8642 ThinkPad T470s 6.0.1.8642 ThinkPad T480 6.0.1.8642 ThinkPad T480s 6.0.1.8642 ThinkPad T560 6.0.1.8642 ThinkPad T570 6.0.1.8642 ThinkPad T580 6.0.1.8642 ThinkPad X1 Carbon 8.66.76.72 and 8.66.68.54 ThinkPad X1 Carbon 6th 6.0.1.8642 ThinkPad X1 Carbon X1 Yoga 8.66.62.92 and 8.66.62.54 ThinkPad X1 Tablet (20Gx) 6.0.1.8642 ThinkPad X1 Tablet (20Jx) 6.0.1.8642 ThinkPad X1 Tablet Gen 3 6.0.1.8642 ThinkPad X1 Yoga (20Jx) 8.66.88.60 ThinkPad X1 Yoga 3rd 6.0.1.8642 ThinkPad X280 6.0.1.8642 ThinkPad Yoga 260 S1 8.66.62.92 and 8.66.62.54.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Reference
https://lenovomobilesupport.lenovo.com/us/en/product_security/home https://support.lenovo.com/us/en/solutions/LEN-26251
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
HIGH
Base Severity
6.5
Share on: