Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-10724

There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520T_Z370 6.0.1.8642, AIO310-20IAP 6.0.1.8642, AIO510-22ISH 6.0.1.8642, AIO510-23ISH 6.0.1.8642, AIO520-22IKL 6.0.1.8642, AIO520-22IKU 6.0.1.8642, AIO520-24IKL 6.0.1.8642, AIO520-24IKU 6.0.1.8642, AIO520-27IKL 6.0.1.8642, AIO720-24IKB 6.0.1.8642, IdeaCentre 520S-23IKU 6.0.1.8642, ThinkCentre M700z 6.0.1.8642, ThinkCentre M800z 6.0.1.8642, ThinkCentre M810z 6.0.1.8642, ThinkCentre M818z 6.0.1.8642, ThinkCentre M900Z 6.0.1.8642, ThinkCentre M910z 6.0.1.8642, V410z(YT S4250) 6.0.1.8642, 330-14IKBR Win10:6.0.1.8652, 330-15IKBR Win10:6.0.1.8652, 330-15IKBR (Brazil) Win10:6.0.1.8652, 330-15IKBR Touch Win10:6.0.1.8652, 330-17IKBR Win10:6.0.1.8652, YOGA 730-13IKB Win10:6.0.1.8644, YOGA 730-15IKB Win10:6.0.1.8644, ThinkPad L560 6.0.1.8644 and 6.0.1.8652, ThinkPad L570 6.0.1.8644 and 6.0.1.8652, ThinkPad P50 6.0.1.8642, ThinkPad P50s 6.0.1.8642, ThinkPad P51s (20Jx, 20Kx) 6.0.1.8642, ThinkPad P51s (20Hx) 6.0.1.8642, ThinkPad P52s 6.0.1.8642, ThinkPad P70 6.0.1.8642, ThinkPad T25 6.0.1.8642, ThinkPad T460s 6.0.1.8642, ThinkPad T470 6.0.1.8642, ThinkPad T470s 6.0.1.8642, ThinkPad T480 6.0.1.8642, ThinkPad T480s 6.0.1.8642, ThinkPad T560 6.0.1.8642, ThinkPad T570 6.0.1.8642, ThinkPad T580 6.0.1.8642, ThinkPad X1 Carbon 8.66.76.72 and 8.66.68.54, ThinkPad X1 Carbon 6th 6.0.1.8642, ThinkPad X1 Carbon, X1 Yoga 8.66.62.92 and 8.66.62.54, ThinkPad X1 Tablet (20Gx) 6.0.1.8642, ThinkPad X1 Tablet (20Jx) 6.0.1.8642, ThinkPad X1 Tablet Gen 3 6.0.1.8642, ThinkPad X1 Yoga (20Jx) 8.66.88.60, ThinkPad X1 Yoga 3rd 6.0.1.8642, ThinkPad X280 6.0.1.8642, ThinkPad Yoga 260, S1 8.66.62.92 and 8.66.62.54.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.5, indicating it can be exploited remotely over the network with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts and availability (service disruption) for affected systems. Impacting 216 products from lenovo, from lenovo, from lenovo and 213 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2019, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2019-08-29T00:15:10.577

Last Modified

2024-11-21T04:19:48.827

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

6.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	legion_y520t_z370_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	legion_y520t_z370	-	No
Operating System	lenovo	aio310-20iap_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	aio310-20iap	-	No
Operating System	lenovo	aio510-22ish_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	aio510-22ish	-	No
Operating System	lenovo	aio510-23ish_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	aio510-23ish	-	No
Operating System	lenovo	aio520-22ikl_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	aio520-22ikl	-	No
Operating System	lenovo	aio520-22iku_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	aio520-22iku	-	No
Operating System	lenovo	aio520-24ikl_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	aio520-24ikl	-	No
Operating System	lenovo	aio520-24iku_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	aio520-24iku	-	No
Operating System	lenovo	aio520-27ikl_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	aio520-27ikl	-	No
Operating System	lenovo	aio720-24ikb_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	aio720-24ikb	-	No
Operating System	lenovo	ideacentre_520s-23iku_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	ideacentre_520s-23iku	-	No
Operating System	lenovo	thinkcentre_m700z_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkcentre_m700z	-	No
Operating System	lenovo	thinkcentre_m800z_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkcentre_m800z	-	No
Operating System	lenovo	thinkcentre_m810z_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkcentre_m810z	-	No
Operating System	lenovo	thinkcentre_m818z_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkcentre_m818z	-	No
Operating System	lenovo	thinkcentre_m900z_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkcentre_m900z	-	No
Operating System	lenovo	thinkcentre_m910z_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkcentre_m910z	-	No
Operating System	lenovo	v410z\(yt_s4250\)_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	v410z\(yt_s4250\)	-	No
Operating System	lenovo	100e_2nd_gen_firmware	-	Yes
Hardware	lenovo	100e_2nd_gen	-	No
Operating System	lenovo	300e_2nd_gen_firmware	-	Yes
Hardware	lenovo	300e_2nd_gen	-	No
Operating System	lenovo	330-14ikbr_firmware	< 6.0.1.8652	Yes
Hardware	lenovo	330-14ikbr	-	No
Operating System	lenovo	330-15ikbr_firmware	< 6.0.1.8652	Yes
Hardware	lenovo	330-15ikbr	-	No
Operating System	lenovo	330-15ikbr_touch_firmware	< 6.0.1.8652	Yes
Hardware	lenovo	330-15ikbr_touch	-	No
Operating System	lenovo	330-17ikbr_firmware	< 6.0.1.8652	Yes
Hardware	lenovo	330-17ikbr	-	No
Operating System	lenovo	720s_touch-15ikb_firmware	-	Yes
Hardware	lenovo	720s_touch-15ikb	-	No
Operating System	lenovo	720s-15ikb_firmware	-	Yes
Hardware	lenovo	720s-15ikb	-	No
Operating System	lenovo	b330-15ikbr_firmware	-	Yes
Hardware	lenovo	b330-15ikbr	-	No
Operating System	lenovo	e43-80_firmware	-	Yes
Hardware	lenovo	e43-80	-	No
Operating System	lenovo	e53-80_firmware	-	Yes
Hardware	lenovo	e53-80	-	No
Operating System	lenovo	flex_5-1470\(r\)_firmware	-	Yes
Hardware	lenovo	flex_5-1470\(r\)	-	No
Operating System	lenovo	flex_5-1570\(r\)_firmware	-	Yes
Hardware	lenovo	flex_5-1570\(r\)	-	No
Operating System	lenovo	k42-80_firmware	-	Yes
Hardware	lenovo	k42-80	-	No
Operating System	lenovo	k43c-80_firmware	-	Yes
Hardware	lenovo	k43c-80	-	No
Operating System	lenovo	miix_520-12ikb_firmware	-	Yes
Hardware	lenovo	miix_520-12ikb	-	No
Operating System	lenovo	miix_525-12ikb_firmware	-	Yes
Hardware	lenovo	miix_525-12ikb	-	No
Operating System	lenovo	v330-14ikb_firmware	-	Yes
Hardware	lenovo	v330-14ikb	-	No
Operating System	lenovo	v330-14isk_firmware	-	Yes
Hardware	lenovo	v330-14isk	-	No
Operating System	lenovo	v330-15ikb_firmware	-	Yes
Hardware	lenovo	v330-15ikb	-	No
Operating System	lenovo	v330-15isk_firmware	-	Yes
Hardware	lenovo	v330-15isk	-	No
Operating System	lenovo	v720-14_firmware	-	Yes
Hardware	lenovo	v720-14	-	No
Operating System	lenovo	v730-15ikb_firmware	-	Yes
Hardware	lenovo	v730-15ikb	-	No
Operating System	lenovo	yoga_520-14ikbr_firmware	-	Yes
Hardware	lenovo	yoga_520-14ikbr	-	No
Operating System	lenovo	yoga_720-12ikb_firmware	-	Yes
Hardware	lenovo	yoga_720-12ikb	-	No
Operating System	lenovo	yoga_730-13ikb_firmware	< 6.0.1.8644	Yes
Hardware	lenovo	yoga_730-13ikb	-	No
Operating System	lenovo	yoga_730-15ikb_firmware	< 6.0.1.8644	Yes
Hardware	lenovo	yoga_730-15ikb	-	No
Operating System	lenovo	yoga_book_c930_firmware	-	Yes
Hardware	lenovo	yoga_book_c930	-	No
Operating System	lenovo	yoga_c930-13ikb_firmware	-	Yes
Hardware	lenovo	yoga_c930-13ikb	-	No
Operating System	lenovo	yoga_c930-13ikb_glass_firmware	-	Yes
Hardware	lenovo	yoga_c930-13ikb_glass	-	No
Operating System	lenovo	thinkpad_11e_firmware	-	Yes
Hardware	lenovo	thinkpad_11e	-	No
Operating System	lenovo	thinkpad_11e_yoga_firmware	-	Yes
Hardware	lenovo	thinkpad_11e_yoga	-	No
Operating System	lenovo	thinkpad_13_firmware	-	Yes
Hardware	lenovo	thinkpad_13	-	No
Operating System	lenovo	thinkpad_a275_firmware	-	Yes
Hardware	lenovo	thinkpad_a275	-	No
Operating System	lenovo	thinkpad_a475_firmware	-	Yes
Hardware	lenovo	thinkpad_a475	-	No
Operating System	lenovo	thinkpad_e460_firmware	-	Yes
Hardware	lenovo	thinkpad_e460	-	No
Operating System	lenovo	thinkpad_e560_firmware	-	Yes
Hardware	lenovo	thinkpad_e560	-	No
Operating System	lenovo	thinkpad_e465_firmware	-	Yes
Hardware	lenovo	thinkpad_e465	-	No
Operating System	lenovo	thinkpad_e565_firmware	-	Yes
Hardware	lenovo	thinkpad_e565	-	No
Operating System	lenovo	thinkpad_e470_firmware	-	Yes
Hardware	lenovo	thinkpad_e470	-	No
Operating System	lenovo	thinkpad_e570_firmware	-	Yes
Hardware	lenovo	thinkpad_e570	-	No
Operating System	lenovo	thinkpad_e475_firmware	-	Yes
Hardware	lenovo	thinkpad_e475	-	No
Operating System	lenovo	thinkpad_e575_firmware	-	Yes
Hardware	lenovo	thinkpad_e575	-	No
Operating System	lenovo	thinkpad_e480_firmware	-	Yes
Hardware	lenovo	thinkpad_e480	-	No
Operating System	lenovo	thinkpad_e580_firmware	-	Yes
Hardware	lenovo	thinkpad_e580	-	No
Operating System	lenovo	thinkpad_e485_firmware	-	Yes
Hardware	lenovo	thinkpad_e485	-	No
Operating System	lenovo	thinkpad_e585_firmware	-	Yes
Hardware	lenovo	thinkpad_e585	-	No
Operating System	lenovo	thinkpad_e570_firmware	-	Yes
Hardware	lenovo	thinkpad_e570	-	No
Operating System	lenovo	thinkpad_s5_firmware	-	Yes
Hardware	lenovo	thinkpad_s5	-	No
Operating System	lenovo	thinkpad_l380_firmware	-	Yes
Hardware	lenovo	thinkpad_l380	-	No
Operating System	lenovo	thinkpad_l380_yoga_firmware	-	Yes
Hardware	lenovo	thinkpad_l380_yoga	-	No
Operating System	lenovo	thinkpad_l460_firmware	-	Yes
Hardware	lenovo	thinkpad_l460	-	No
Operating System	lenovo	thinkpad_l470_firmware	-	Yes
Hardware	lenovo	thinkpad_l470	-	No
Operating System	lenovo	thinkpad_l480_firmware	-	Yes
Hardware	lenovo	thinkpad_l480	-	No
Operating System	lenovo	thinkpad_l580_firmware	-	Yes
Hardware	lenovo	thinkpad_l580	-	No
Operating System	lenovo	thinkpad_l560_firmware	< 6.0.1.8644	Yes
Hardware	lenovo	thinkpad_l560	-	No
Operating System	lenovo	thinkpad_l570_firmware	< 6.0.1.8644	Yes
Hardware	lenovo	thinkpad_l570	-	No
Operating System	lenovo	thinkpad_p40_firmware	-	Yes
Hardware	lenovo	thinkpad_p40	-	No
Operating System	lenovo	thinkpad_p50_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkpad_p50	-	No
Operating System	lenovo	thinkpad_p50s_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkpad_p50s	-	No
Operating System	lenovo	thinkpad_p51s_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkpad_p51s	-	No
Operating System	lenovo	thinkpad_p52s_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkpad_p52s	-	No
Operating System	lenovo	thinkpad_p70_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkpad_p70	-	No
Operating System	lenovo	thinkpad_s3_yoga_14_firmware	-	Yes
Hardware	lenovo	thinkpad_s3_yoga_14	-	No
Operating System	lenovo	thinkpad_s3-s440_firmware	-	Yes
Hardware	lenovo	thinkpad_s3-s440	-	No
Operating System	lenovo	thinkpad_s5_firmware	-	Yes
Hardware	lenovo	thinkpad_s5	-	No
Operating System	lenovo	thinkpad_e560p_firmware	-	Yes
Hardware	lenovo	thinkpad_e560p	-	No
Operating System	lenovo	thinkpad_t25_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkpad_t25	-	No
Operating System	lenovo	thinkpad_t460_firmware	-	Yes
Hardware	lenovo	thinkpad_t460	-	No
Operating System	lenovo	thinkpad_t460p_firmware	-	Yes
Hardware	lenovo	thinkpad_t460p	-	No
Operating System	lenovo	thinkpad_t460s_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkpad_t460s	-	No
Operating System	lenovo	thinkpad_t470_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkpad_t470	-	No
Operating System	lenovo	thinkpad_t470p_firmware	-	Yes
Hardware	lenovo	thinkpad_t470p	-	No
Operating System	lenovo	thinkpad_t470s_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkpad_t470s	-	No
Operating System	lenovo	thinkpad_t480_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkpad_t480	-	No
Operating System	lenovo	thinkpad_t480s_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkpad_t480s	-	No
Operating System	lenovo	thinkpad_t560_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkpad_t560	-	No
Operating System	lenovo	thinkpad_t570_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkpad_t570	-	No
Operating System	lenovo	thinkpad_t580_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkpad_t580	-	No
Operating System	lenovo	thinkpad_x1_carbon_firmware	< 8.66.76.72	Yes
Hardware	lenovo	thinkpad_x1_carbon	-	No
Operating System	lenovo	thinkpad_x1_yoga_firmware	< 8.66.62.92	Yes
Hardware	lenovo	thinkpad_x1_yoga	-	No
Operating System	lenovo	thinkpad_x1_tablet_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkpad_x1_tablet	-	No
Operating System	lenovo	thinkpad_x1_yoga_3rd_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkpad_x1_yoga_3rd	-	No
Operating System	lenovo	thinkpad_x260_firmware	-	Yes
Hardware	lenovo	thinkpad_x260	-	No
Operating System	lenovo	thinkpad_x270_firmware	-	Yes
Hardware	lenovo	thinkpad_x270	-	No
Operating System	lenovo	thinkpad_x280_firmware	< 6.0.1.8642	Yes
Hardware	lenovo	thinkpad_x280	-	No
Operating System	lenovo	thinkpad_x380_yoga_firmware	-	Yes
Hardware	lenovo	thinkpad_x380_yoga	-	No
Operating System	lenovo	thinkpad_yoga_260_firmware	< 8.66.62.92	Yes
Hardware	lenovo	thinkpad_yoga_260	-	No
Operating System	lenovo	thinkpad_yoga_s1_firmware	< 8.66.62.92	Yes
Hardware	lenovo	thinkpad_yoga_s1	-	No
Operating System	lenovo	thinkpad_yoga_370_firmware	-	Yes
Hardware	lenovo	thinkpad_yoga_370	-	No
Operating System	lenovo	thinkpad_s1_3rd_firmware	-	Yes
Hardware	lenovo	thinkpad_s1_3rd	-	No
Operating System	lenovo	yoga_14_firmware	-	Yes
Hardware	lenovo	yoga_14	-	No

References

https://lenovomobilesupport.lenovo.com/us/en/product_security/home Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/solutions/LEN-26251 Vendor Advisory ([email protected])
https://lenovomobilesupport.lenovo.com/us/en/product_security/home Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.lenovo.com/us/en/solutions/LEN-26251 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For lenovo's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.