Vulnerability Description
A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Realtek | Audio Driver Firmware | < 6.0.1.8224 |
| Lenovo | Thinkpad 10 | - |
| Lenovo | Thinkpad 11E | - |
| Lenovo | Thinkpad 13 | - |
| Lenovo | Thinkpad L450 | - |
| Lenovo | Thinkpad L460 | - |
| Lenovo | Thinkpad L470 Kbl | - |
| Lenovo | Thinkpad L470 Skl | - |
| Lenovo | Thinkpad L560 | - |
| Lenovo | Thinkpad P50 | - |
| Lenovo | Thinkpad P50S | - |
| Lenovo | Thinkpad P51S | - |
| Lenovo | Thinkpad P70 | - |
| Lenovo | Thinkpad P71 | - |
| Lenovo | Thinkpad S1 | - |
| Lenovo | Thinkpad S1 Yoga | - |
| Lenovo | Thinkpad S1 Yoga 12 | - |
| Lenovo | Thinkpad S2 | - |
| Lenovo | Thinkpad T440 | - |
| Lenovo | Thinkpad T440P | - |
References
- https://support.lenovo.com/us/en/product_security/LEN-15759Issue TrackingThird Party Advisory
- https://support.lenovo.com/us/en/product_security/LEN-15759Issue TrackingThird Party Advisory
FAQ
What is CVE-2017-3767?
CVE-2017-3767 is a vulnerability with a CVSS score of 7.8 (HIGH). A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute cod...
How severe is CVE-2017-3767?
CVE-2017-3767 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-3767?
Check the references section above for vendor advisories and patch information. Affected products include: Realtek Audio Driver Firmware, Lenovo Thinkpad 10, Lenovo Thinkpad 11E, Lenovo Thinkpad 13, Lenovo Thinkpad L450.