TOCTOU Vulnerability in Lenovo Software Products
CVE-2024-10253

4.7MEDIUM

Key Information:

Vendor
Lenovo
Vendor
CVE Published:
14 January 2025

Summary

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in Lenovo's software products, including PC Manager, Lenovo Browser, and Lenovo App Store. This vulnerability could enable a local attacker to exploit the timing issue, potentially resulting in a system crash and disrupting normal operations. Users of these affected Lenovo products should be vigilant and consider applying relevant updates or patches to mitigate the risk.

References

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.