A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue.
History

Fri, 15 Nov 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Lenovo dolby Vision Provisioning
CPEs cpe:2.3:a:lenovo:dolby_vision_provisioning:*:*:*:*:*:*:*:*
Vendors & Products Lenovo dolby Vision Provisioning

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Lenovo
Lenovo dolby Vision Provisioning Software
CPEs cpe:2.3:a:lenovo:dolby_vision_provisioning_software:*:*:*:*:*:*:*:*
Vendors & Products Lenovo
Lenovo dolby Vision Provisioning Software
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 11 Oct 2024 15:30:00 +0000

Type Values Removed Values Added
Description A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue.
Weaknesses CWE-276
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2024-10-11T15:15:12.643Z

Updated: 2024-10-11T19:07:47.060Z

Reserved: 2024-05-29T14:21:27.520Z

Link: CVE-2024-5474

cve-icon Vulnrichment

Updated: 2024-10-11T19:07:34.223Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-11T16:15:14.440

Modified: 2024-11-15T17:00:35.697

Link: CVE-2024-5474

cve-icon Redhat

No data.