A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue.
History

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Lenovo
Lenovo dolby Vision Provisioning Software
CPEs cpe:2.3:a:lenovo:dolby_vision_provisioning_software:*:*:*:*:*:*:*:*
Vendors & Products Lenovo
Lenovo dolby Vision Provisioning Software
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 11 Oct 2024 15:30:00 +0000

Type Values Removed Values Added
Description A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue.
Weaknesses CWE-276
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2024-10-11T15:15:12.643Z

Updated: 2024-10-11T19:07:47.060Z

Reserved: 2024-05-29T14:21:27.520Z

Link: CVE-2024-5474

cve-icon Vulnrichment

Updated: 2024-10-11T19:07:34.223Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-11T16:15:14.440

Modified: 2024-10-15T12:58:51.050

Link: CVE-2024-5474

cve-icon Redhat

No data.