Vulnerability in Lenovo System_update

CVE-2015-2234

Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after th…

Vulnerability class: Race Condition

EPSS: 0.000 (8.0th percentile) — read the EPSS interpretation.

Affected products

Lenovo System_update
N/a — versions n/a

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
74634 (vdb-entry, x_refsource_BID)
1032268 (vdb-entry, x_refsource_SECTRACK)