CVE-2017-3767

Summary

CVE	CVE-2017-3767
State	PUBLISHED
Assigner	lenovo
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-11-13 16:29:00 UTC
Updated	2025-04-20 01:37:25 UTC
Description	A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges.

Risk And Classification

Primary CVSS: v3.0 7.8 HIGH from [email protected]

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types: NVD-CWE-noinfo | Local priviledge escalation

Version	Source	Type	Score	Severity	Vector
3.0	[email protected]	Primary	7.8	HIGH	`CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`
2.0	[email protected]	Primary	7.2		`AV:L/AC:L/Au:N/C:C/I:C/A:C`

CVSS v3.0 Breakdown

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 Breakdown

Access Vector

Local

Access Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Lenovo	Thinkpad 10	-	All	All	All
Hardware	Lenovo	Thinkpad 11e	-	All	All	All
Hardware	Lenovo	Thinkpad 13	-	All	All	All
Hardware	Lenovo	Thinkpad L450	-	All	All	All
Hardware	Lenovo	Thinkpad L460	-	All	All	All
Hardware	Lenovo	Thinkpad L470 Kbl	-	All	All	All
Hardware	Lenovo	Thinkpad L470 Skl	-	All	All	All
Hardware	Lenovo	Thinkpad L560	-	All	All	All
Hardware	Lenovo	Thinkpad P50	-	All	All	All
Hardware	Lenovo	Thinkpad P50s	-	All	All	All
Hardware	Lenovo	Thinkpad P51s	-	All	All	All
Hardware	Lenovo	Thinkpad P70	-	All	All	All
Hardware	Lenovo	Thinkpad P71	-	All	All	All
Hardware	Lenovo	Thinkpad S1	-	All	All	All
Hardware	Lenovo	Thinkpad S1 Yoga	-	All	All	All
Hardware	Lenovo	Thinkpad S1 Yoga 12	-	All	All	All
Hardware	Lenovo	Thinkpad S2	-	All	All	All
Hardware	Lenovo	Thinkpad T440	-	All	All	All
Hardware	Lenovo	Thinkpad T440p	-	All	All	All
Hardware	Lenovo	Thinkpad T440s	-	All	All	All
Hardware	Lenovo	Thinkpad T450	-	All	All	All
Hardware	Lenovo	Thinkpad T450s	-	All	All	All
Hardware	Lenovo	Thinkpad T460	-	All	All	All
Hardware	Lenovo	Thinkpad T460p	-	All	All	All
Hardware	Lenovo	Thinkpad T460s	-	All	All	All
Hardware	Lenovo	Thinkpad T470	-	All	All	All
Hardware	Lenovo	Thinkpad T470p	-	All	All	All
Hardware	Lenovo	Thinkpad T470s Skl	-	All	All	All
Hardware	Lenovo	Thinkpad T540p	-	All	All	All
Hardware	Lenovo	Thinkpad T550	-	All	All	All
Hardware	Lenovo	Thinkpad T560	-	All	All	All
Hardware	Lenovo	Thinkpad T570	-	All	All	All
Hardware	Lenovo	Thinkpad W540	-	All	All	All
Hardware	Lenovo	Thinkpad W541	-	All	All	All
Hardware	Lenovo	Thinkpad W550s	-	All	All	All
Hardware	Lenovo	Thinkpad X1c	-	All	All	All
Hardware	Lenovo	Thinkpad X1 Carbon	-	All	All	All
Hardware	Lenovo	Thinkpad X1 Tablet	-	All	All	All
Hardware	Lenovo	Thinkpad X1 Yoga	-	All	All	All
Hardware	Lenovo	Thinkpad X240	-	All	All	All
Hardware	Lenovo	Thinkpad X240s	-	All	All	All
Hardware	Lenovo	Thinkpad X250	-	All	All	All
Hardware	Lenovo	Thinkpad X260	-	All	All	All
Hardware	Lenovo	Thinkpad X270 Kbl	-	All	All	All
Hardware	Lenovo	Thinkpad X270 Skl	-	All	All	All
Hardware	Lenovo	Thinkpad Yoga 11e	-	All	All	All
Operating System	Realtek	Audio Driver Firmware	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Lenovo Group Ltd.	Realtek Audio Driver	affected Earlier than 6.0.1.8224	Not specified

References

Reference	Source	Link	Tags
Local Privilege Escalation in Realtek Audio Driver - Lenovo Support US	af854a3a-2127-422b-91ae-364da2661108	support.lenovo.com	Issue Tracking, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.