Race Condition Vulnerability in Lenovo System Update Software
CVE-2015-2234

Currently unrated

Key Information:

Vendor: Lenovo
Status: System Update
Vendor: CVE Published:; 12 May 2015

Summary

A race condition exists in Lenovo's System Update (formerly ThinkVantage System Update) prior to version 5.06.0034, allowing local users to exploit world-writable permissions allowed for the update files directory. This vulnerability enables an attacker to execute code with elevated privileges by manipulating an update file after its signature has been verified, potentially compromising the integrity and security of the system.

References

http://www.ioactive.com/pdfs/Lenovo_System_Update_Multipl...

x_refsource_MISC

http://support.lenovo.com/us/en/product_security/lsu_priv...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/74634

vdb-entryx_refsource_BID

Timeline

Vulnerability published
May 12, 2015
Vulnerability Reserved
Mar 6, 2015