cnvd - cnvd-2017-36547

cnvd-2017-36547

Vulnerability from cnvd

Title: 多款Lenovo ThinkPad产品本地权限提升漏洞

Description:

ThinkPad 11e等都是中国联想（Lenovo）公司的笔记本电脑产品。Realtek audio driver是其中的一个瑞昱（Realtek）公司发布的音频驱动程序。

多款Lenovo ThinkPad产品中的Realtek音频驱动程序存在本地权限提升漏洞。本地攻击者可利用该漏洞以管理员权限执行代码。

Severity: 高

Patch Name: 多款Lenovo ThinkPad产品本地权限提升漏洞的补丁

Patch Description:

ThinkPad 11e等都是中国联想（Lenovo）公司的笔记本电脑产品。Realtek audio driver是其中的一个瑞昱（Realtek）公司发布的音频驱动程序。

多款Lenovo ThinkPad产品中的Realtek音频驱动程序存在本地权限提升漏洞。本地攻击者可利用该漏洞以管理员权限执行代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布漏洞修复程序，请及时关注更新： https://support.lenovo.com/us/zh/product_security/len-15759

Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-3767

Impacted products

Name
['Lenovo Thinkpad 11e/Yoga 11e 20E5', 'Lenovo Thinkpad 20E6', 'Lenovo Thinkpad 20ED', 'Lenovo Thinkpad 20E7', 'Lenovo Thinkpad 20E8', 'Lenovo Thinkpad 20EE', 'Lenovo Thinkpad 13 / ThinkPad S2 20GJ', 'Lenovo Thinkpad 20GK', 'Lenovo Thinkpad 20GU', 'Lenovo Thinkpad Helix 20CG', 'Lenovo Thinkpad 20CH', 'Lenovo Thinkpad L450 20DS', 'Lenovo Thinkpad 20DT', 'Lenovo Thinkpad L460']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3767"
    }
  },
  "description": "ThinkPad 11e\u7b49\u90fd\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u7b14\u8bb0\u672c\u7535\u8111\u4ea7\u54c1\u3002Realtek audio driver\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u745e\u6631\uff08Realtek\uff09\u516c\u53f8\u53d1\u5e03\u7684\u97f3\u9891\u9a71\u52a8\u7a0b\u5e8f\u3002\r\n\r\n\u591a\u6b3eLenovo ThinkPad\u4ea7\u54c1\u4e2d\u7684Realtek\u97f3\u9891\u9a71\u52a8\u7a0b\u5e8f\u5b58\u5728\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7ba1\u7406\u5458\u6743\u9650\u6267\u884c\u4ee3\u7801\u3002",
  "discovererName": "Lenovo",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.lenovo.com/us/zh/product_security/len-15759",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-36547",
  "openTime": "2017-12-07",
  "patchDescription": "ThinkPad 11e\u7b49\u90fd\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u7b14\u8bb0\u672c\u7535\u8111\u4ea7\u54c1\u3002Realtek audio driver\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u745e\u6631\uff08Realtek\uff09\u516c\u53f8\u53d1\u5e03\u7684\u97f3\u9891\u9a71\u52a8\u7a0b\u5e8f\u3002\r\n\r\n\u591a\u6b3eLenovo ThinkPad\u4ea7\u54c1\u4e2d\u7684Realtek\u97f3\u9891\u9a71\u52a8\u7a0b\u5e8f\u5b58\u5728\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7ba1\u7406\u5458\u6743\u9650\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eLenovo ThinkPad\u4ea7\u54c1\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Lenovo Thinkpad 11e/Yoga 11e 20E5",
      "Lenovo Thinkpad 20E6",
      "Lenovo Thinkpad 20ED",
      "Lenovo Thinkpad 20E7",
      "Lenovo Thinkpad 20E8",
      "Lenovo Thinkpad 20EE",
      "Lenovo Thinkpad 13 / ThinkPad S2 20GJ",
      "Lenovo Thinkpad 20GK",
      "Lenovo Thinkpad 20GU",
      "Lenovo Thinkpad Helix 20CG",
      "Lenovo Thinkpad 20CH",
      "Lenovo Thinkpad L450 20DS",
      "Lenovo Thinkpad 20DT",
      "Lenovo Thinkpad L460"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-3767",
  "serverity": "\u9ad8",
  "submitTime": "2017-11-14",
  "title": "\u591a\u6b3eLenovo ThinkPad\u4ea7\u54c1\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2017-3767 (GCVE-0-2017-3767)

Vulnerability from cvelistv5

Published

2017-11-13 16:00

Modified

2024-09-17 01:27

Severity ?

CWE

Local priviledge escalation

Summary

A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges.

References

▼	URL	Tags
	https://support.lenovo.com/us/en/product_security/LEN-15759	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Lenovo Group Ltd.	Realtek Audio Driver	Version: Earlier than 6.0.1.8224

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:40.326Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/LEN-15759"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Realtek Audio Driver",
          "vendor": "Lenovo Group Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Earlier than 6.0.1.8224"
            }
          ]
        }
      ],
      "datePublic": "2017-11-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Local priviledge escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-13T15:57:01",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/us/en/product_security/LEN-15759"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "DATE_PUBLIC": "2017-11-09T00:00:00",
          "ID": "CVE-2017-3767",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Realtek Audio Driver",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Earlier than 6.0.1.8224"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Lenovo Group Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Local priviledge escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/product_security/LEN-15759",
              "refsource": "CONFIRM",
              "url": "https://support.lenovo.com/us/en/product_security/LEN-15759"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2017-3767",
    "datePublished": "2017-11-13T16:00:00Z",
    "dateReserved": "2016-12-16T00:00:00",
    "dateUpdated": "2024-09-17T01:27:06.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted