CVE-2015-8110
HIGHLenovo System Update <5.07.0019 - Privilege Escalation
Title source: llmDescription
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability."
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98037
Exploit, Third Party Advisory x_refsource_misc
https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_TVSUkernel-Escalation-Privileges.pdf
Vendor Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/lsu_privilege
Scores
CVSS v3
7.8
EPSS
0.0005
EPSS Percentile
15.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-264
Status
published
Products (1)
lenovo/lenovo_system_update
< 5.07.0013
Published
Apr 24, 2017
Tracked Since
Feb 18, 2026