VAR-201711-0398
Vulnerability from variot - Updated: 2025-04-20 23:30A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges. plural Lenovo ThinkPad Product Realtek Audio drivers contain vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ThinkPad11e and other are notebook products of China Lenovo. Realtekaudiodriver is one of the audio drivers released by Realtek
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0398",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "audio driver",
"scope": "lt",
"trust": 1.0,
"vendor": "realtek",
"version": "6.0.1.8224"
},
{
"model": "audio driver",
"scope": "lt",
"trust": 0.8,
"vendor": "realtek semiconductor corp",
"version": "6.0.1.8224"
},
{
"model": "thinkpad 11e/yoga 11e 20e5",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 20e6",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 20ed",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 20e7",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 20e8",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 20ee",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad thinkpad s2 20gj",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "13/"
},
{
"model": "thinkpad 20gk",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 20gu",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad helix 20cg",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 20ch",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l450 20ds",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 20dt",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l460",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36547"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010216"
},
{
"db": "NVD",
"id": "CVE-2017-3767"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:realtek:audio_driver_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010216"
}
]
},
"cve": "CVE-2017-3767",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-3767",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-36547",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-3767",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-3767",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-3767",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-36547",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-383",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36547"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010216"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-383"
},
{
"db": "NVD",
"id": "CVE-2017-3767"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges. plural Lenovo ThinkPad Product Realtek Audio drivers contain vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ThinkPad11e and other are notebook products of China Lenovo. Realtekaudiodriver is one of the audio drivers released by Realtek",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3767"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010216"
},
{
"db": "CNVD",
"id": "CNVD-2017-36547"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3767",
"trust": 3.0
},
{
"db": "LENOVO",
"id": "LEN-15759",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010216",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-36547",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201711-383",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36547"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010216"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-383"
},
{
"db": "NVD",
"id": "CVE-2017-3767"
}
]
},
"id": "VAR-201711-0398",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36547"
}
],
"trust": 1.5692307692307692
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36547"
}
]
},
"last_update_date": "2025-04-20T23:30:50.610000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-15759",
"trust": 0.8,
"url": "https://support.lenovo.com/us/en/product_security/LEN-15759"
},
{
"title": "Patches for various Lenovo ThinkPad product local privilege escalation vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/108341"
},
{
"title": "Multiple Lenovo ThinkPad product Realtek Fixes for audio driver permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76251"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36547"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010216"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-383"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010216"
},
{
"db": "NVD",
"id": "CVE-2017-3767"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://support.lenovo.com/us/en/product_security/len-15759"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3767"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3767"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36547"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010216"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-383"
},
{
"db": "NVD",
"id": "CVE-2017-3767"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-36547"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010216"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-383"
},
{
"db": "NVD",
"id": "CVE-2017-3767"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-36547"
},
{
"date": "2017-12-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010216"
},
{
"date": "2017-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-383"
},
{
"date": "2017-11-13T16:29:00.293000",
"db": "NVD",
"id": "CVE-2017-3767"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-36547"
},
{
"date": "2017-12-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010216"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-383"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-3767"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-383"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Lenovo ThinkPad Product Realtek Vulnerabilities related to authorization, authority, and access control in audio drivers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010216"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-383"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…