CVE-2019-19705

high-risk
Published 2022-12-26

Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading.

Do I need to act?

-
0.13% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (20)

Ideacentre 510-15Ikl Firmware
Ideacentre 510S-08Ikl Firmware
Ideacentre 300S-11Ish Firmware
Ideacentre 310-15Asr Firmware
Ideacentre 310-15Iap Firmware
Ideacentre 310A-15Iap Firmware
Ideacentre 310S-08Iap Firmware
Ideacentre 510-15Abr Firmware
Ideacentre 510S-08Ish Firmware
Ideacentre 610S-02Ish Firmware
Ideacentre 620S-03Ikl Firmware
Ideacentre 700 Firmware
Ideacentre 720-18Asr Firmware
Legion Y520T Z370 Firmware
Legion Y720 Tower Firmware
Legion Y720T Amd Firmware
Legion Y920 Tower Firmware
Lenovo V320-15Iap Firmware
Thinkcentre E74S Firmware
Yangtian Mc H110 Firmware

Affected Vendors

Lenovo

References (2)

Vendor Advisory https://support.lenovo.com/us/en/product_security/ps500315-realtek-audio-driver-...
Vendor Advisory https://support.lenovo.com/us/en/product_security/ps500315-realtek-audio-driver-...
57
/ 100
high-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 32/34 · Critical