Back to overview

CVE-2026-58583

HIGH
7.1
CVSS 3.1
Description
FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly.

Metadata

CVE ID
CVE-2026-58583
State
PUBLISHED
Assigner
cisa-cg
Reserved
2026-07-01 15:47 UTC
Published
2026-07-07 20:33 UTC
Last updated
2026-07-07 20:33 UTC
Primary CWE
CWE-269
CWE-269 Improper Privilege Management
Vendor / Product
FluxInk / Color Management Driver
Sources
cve.org  ·  NVD

Severity & Metrics

7.1 HIGH CVSS 3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected products (1)
VendorProductPlatformVersions
FluxInk Color Management Driver 0 < 1.0.7.6, 1.0.7.6
Weakness (CWE)
CWESourceDescription
CWE-269 cna CWE-269 Improper Privilege Management
CVSS scores (2)
ScoreSeverityVersionSourceVector
8.4 HIGH 4.0 cna CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
7.1 HIGH 3.1 cna CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Back to overview