CVE-2024-5474 MEDIUM

CVE-2024-5474

Vendor Lenovo
Product Dolby Vision Provisioning software
Weakness CWE-276
Published October 11, 2024
Last update October 11, 2024

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue.

Key dates

02Disclosure timeline

October 11, 2024 CVE published
October 11, 2024 Record updated