Home

Description

FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly.

PUBLISHED Reserved 2026-07-01 | Published 2026-07-07 | Updated 2026-07-07 | Assigner cisa-cg




HIGH: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
HIGH: 8.4CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-269 Improper Privilege Management

Product status

Default status
unknown

Any version before 1.0.7.6
affected

1.0.7.6
unaffected

Credits

Julian Horoszkiewicz, Atos Threat Research Center

References

github.com/...64_PoC/security/advisories/GHSA-x4rw-h4v2-v83h (url) third-party-advisory

github.com/b3s3da/TcnPeripheral64_PoC (url) exploit

www.cve.org/CVERecord?id=CVE-2026-58583 (url) vdb-entry

raw.githubusercontent.com/...IT/white/2026/va-26-188-01.json (url) third-party-advisory

cve.org (CVE-2026-58583)

nvd.nist.gov (CVE-2026-58583)

Download JSON