CVE-2024-10253

Published Jan 14, 2025

Last updated a month ago

CVSS medium 4.7

Overview

Description
A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.
Source
psirt@lenovo.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
4.7
Impact score
3.6
Exploitability score
1
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity
MEDIUM

Weaknesses

psirt@lenovo.com
CWE-122

Social media

Hype score
Not currently trending

  1. Looks like Lenovo fixed the two kernel heap corruptions I reported last year in Lenovo Protect. Full vulnerability reports for CVE-2024-10253 and CVE-2024-10254 now available on https://t.co/OLQqNlFHmk

    @kryc_uk

    17 Jan 2025

    1290 Impressions

    3 Retweets

    18 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

References