Vulnerability Description
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Lenovo System Update | <= 5.07.0013 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98037Third Party AdvisoryVDB Entry
- https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_TVSUkernel-Escalation-PrivileExploitThird Party Advisory
- https://support.lenovo.com/us/en/product_security/lsu_privilegeVendor Advisory
- http://www.securityfocus.com/bid/98037Third Party AdvisoryVDB Entry
- https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_TVSUkernel-Escalation-PrivileExploitThird Party Advisory
- https://support.lenovo.com/us/en/product_security/lsu_privilegeVendor Advisory
FAQ
What is CVE-2015-8110?
CVE-2015-8110 is a vulnerability with a CVSS score of 7.8 (HIGH). Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within th...
How severe is CVE-2015-8110?
CVE-2015-8110 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8110?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Lenovo System Update.