High severity7.8NVD Advisory· Published Apr 24, 2017· Updated Jun 17, 2026
CVE-2015-8110
CVE-2015-8110
Description
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability."
Affected products
2cpe:2.3:a:lenovo:lenovo_system_update:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:lenovo:lenovo_system_update:*:*:*:*:*:*:*:*range: <=5.07.0013
- (no CPE)range: <5.07.0019
Patches
Vulnerability mechanics
References
3- ioactive.com/pdfs/IOActive_Advisory_Lenovo_TVSUkernel-Escalation-Privileges.pdfnvdExploitThird Party Advisory
- www.securityfocus.com/bid/98037nvdThird Party AdvisoryVDB Entry
- support.lenovo.com/us/en/product_security/lsu_privilegenvdVendor Advisory
News mentions
0No linked articles in our index yet.