cnvd - cnvd-2017-36547

CNVD-2017-36547

Vulnerability from cnvd - Published: 2017-12-07

Title

多款Lenovo ThinkPad产品本地权限提升漏洞

Description

ThinkPad 11e等都是中国联想（Lenovo）公司的笔记本电脑产品。Realtek audio driver是其中的一个瑞昱（Realtek）公司发布的音频驱动程序。多款Lenovo ThinkPad产品中的Realtek音频驱动程序存在本地权限提升漏洞。本地攻击者可利用该漏洞以管理员权限执行代码。

Severity

高

Patch Name

多款Lenovo ThinkPad产品本地权限提升漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://support.lenovo.com/us/zh/product_security/len-15759

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-3767

Impacted products

Name
['Lenovo Thinkpad 11e/Yoga 11e 20E5', 'Lenovo Thinkpad 20E6', 'Lenovo Thinkpad 20ED', 'Lenovo Thinkpad 20E7', 'Lenovo Thinkpad 20E8', 'Lenovo Thinkpad 20EE', 'Lenovo Thinkpad 13 / ThinkPad S2 20GJ', 'Lenovo Thinkpad 20GK', 'Lenovo Thinkpad 20GU', 'Lenovo Thinkpad Helix 20CG', 'Lenovo Thinkpad 20CH', 'Lenovo Thinkpad L450 20DS', 'Lenovo Thinkpad 20DT', 'Lenovo Thinkpad L460']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3767"
    }
  },
  "description": "ThinkPad 11e\u7b49\u90fd\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u7b14\u8bb0\u672c\u7535\u8111\u4ea7\u54c1\u3002Realtek audio driver\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u745e\u6631\uff08Realtek\uff09\u516c\u53f8\u53d1\u5e03\u7684\u97f3\u9891\u9a71\u52a8\u7a0b\u5e8f\u3002\r\n\r\n\u591a\u6b3eLenovo ThinkPad\u4ea7\u54c1\u4e2d\u7684Realtek\u97f3\u9891\u9a71\u52a8\u7a0b\u5e8f\u5b58\u5728\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7ba1\u7406\u5458\u6743\u9650\u6267\u884c\u4ee3\u7801\u3002",
  "discovererName": "Lenovo",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.lenovo.com/us/zh/product_security/len-15759",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-36547",
  "openTime": "2017-12-07",
  "patchDescription": "ThinkPad 11e\u7b49\u90fd\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u7b14\u8bb0\u672c\u7535\u8111\u4ea7\u54c1\u3002Realtek audio driver\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u745e\u6631\uff08Realtek\uff09\u516c\u53f8\u53d1\u5e03\u7684\u97f3\u9891\u9a71\u52a8\u7a0b\u5e8f\u3002\r\n\r\n\u591a\u6b3eLenovo ThinkPad\u4ea7\u54c1\u4e2d\u7684Realtek\u97f3\u9891\u9a71\u52a8\u7a0b\u5e8f\u5b58\u5728\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7ba1\u7406\u5458\u6743\u9650\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eLenovo ThinkPad\u4ea7\u54c1\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Lenovo Thinkpad 11e/Yoga 11e 20E5",
      "Lenovo Thinkpad 20E6",
      "Lenovo Thinkpad 20ED",
      "Lenovo Thinkpad 20E7",
      "Lenovo Thinkpad 20E8",
      "Lenovo Thinkpad 20EE",
      "Lenovo Thinkpad 13 / ThinkPad S2 20GJ",
      "Lenovo Thinkpad 20GK",
      "Lenovo Thinkpad 20GU",
      "Lenovo Thinkpad Helix 20CG",
      "Lenovo Thinkpad 20CH",
      "Lenovo Thinkpad L450 20DS",
      "Lenovo Thinkpad 20DT",
      "Lenovo Thinkpad L460"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-3767",
  "serverity": "\u9ad8",
  "submitTime": "2017-11-14",
  "title": "\u591a\u6b3eLenovo ThinkPad\u4ea7\u54c1\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2017-3767 (GCVE-0-2017-3767)

Vulnerability from cvelistv5 – Published: 2017-11-13 16:00 – Updated: 2024-09-17 01:27

Summary

A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges.

Severity ?

No CVSS data available.

CWE

Local priviledge escalation

Assigner

lenovo

References

URL

Tags

https://support.lenovo.com/us/en/product_security…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Lenovo Group Ltd.	Realtek Audio Driver	Affected: Earlier than 6.0.1.8224

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:40.326Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/LEN-15759"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Realtek Audio Driver",
          "vendor": "Lenovo Group Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Earlier than 6.0.1.8224"
            }
          ]
        }
      ],
      "datePublic": "2017-11-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Local priviledge escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-13T15:57:01",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/us/en/product_security/LEN-15759"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "DATE_PUBLIC": "2017-11-09T00:00:00",
          "ID": "CVE-2017-3767",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Realtek Audio Driver",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Earlier than 6.0.1.8224"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Lenovo Group Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Local priviledge escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/product_security/LEN-15759",
              "refsource": "CONFIRM",
              "url": "https://support.lenovo.com/us/en/product_security/LEN-15759"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2017-3767",
    "datePublished": "2017-11-13T16:00:00Z",
    "dateReserved": "2016-12-16T00:00:00",
    "dateUpdated": "2024-09-17T01:27:06.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-36547

CVE-2017-3767 (GCVE-0-2017-3767)

Tags

Sightings

Nomenclature