CVE-2024-10253 - Vulnerability Details - OpenCVE

A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://iknow.lenovo.com.cn/detail/425367

History

Tue, 14 Jan 2025 21:30:00 +0000

Type	Values Removed	Values Added
Description		A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.
Weaknesses		CWE-122
References		https://iknow.lenovo.com.cn/detail/425367
Metrics		cvssV3_1 `{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2025-01-14T21:17:52.869Z

Updated: 2025-01-15T15:30:12.193Z

Reserved: 2024-10-22T16:45:35.218Z

Link: CVE-2024-10253

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-01-14T22:15:25.920

Modified: 2025-01-14T22:15:25.920

Link: CVE-2024-10253

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-10253", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2024-10-22T16:45:35.218Z", "datePublished": "2025-01-14T21:17:52.869Z", "dateUpdated": "2025-01-15T15:30:12.193Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PC Manager", "vendor": "Lenovo", "versions": [{"lessThan": "5.1.90.12092", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Browser", "vendor": "Lenovo", "versions": [{"lessThan": "9.0.5.12181", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "App Store", "vendor": "Lenovo", "versions": [{"lessThan": "9.0.20", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lenovo thanks Gareth Evans of Kryc for reporting this issue."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><div><div><p>A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.</p></div></div></div>"}], "value": "A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2025-01-14T21:17:52.869Z"}, "references": [{"url": "https://iknow.lenovo.com.cn/detail/425367"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Update PC Manager to version 5.1.90.12092 or later.</p>"}], "value": "Update PC Manager to version 5.1.90.12092 or later."}, {"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Update Lenovo Browser to version 9.0.5.12181 or later.</span>\n\n<br>"}], "value": "Update Lenovo Browser to version 9.0.5.12181 or later."}, {"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Update Lenovo App Store to version 9.0.20 or later.</span>\n\n<br>"}], "value": "Update Lenovo App Store to version 9.0.20 or later."}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-15T15:30:02.622749Z", "id": "CVE-2024-10253", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-15T15:30:12.193Z"}}]}}