EUVD-2017-12858

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Local user can alter firmware in Lenovo Power Management driver affecting ThinkPad X1 Carbon 5th generation

Reporter	Title	Published	Views	Family All 7
CNVD	Lenovo ThinkPad X1 Carbon Power Management Driver Elevation of Privilege Vulnerability	6 Jun 201700:00	–	cnvd
CVE	CVE-2017-3741	3 Jun 201700:00	–	cve
Cvelist	CVE-2017-3741	3 Jun 201700:00	–	cvelist
Lenovo	Local User Can Alter Trackpoint Functionality in Lenovo Power Management Driver - us	8 May 201700:00	–	lenovo
NVD	CVE-2017-3741	4 Jun 201721:29	–	nvd
OSV	CVE-2017-3741	4 Jun 201721:29	–	osv
Prion	Design/Logic Flaw	4 Jun 201721:29	–	prion

[
  {
    "enisaIdVendor": [
      {
        "id": "fe47f8cd-38e1-3e09-ac6a-8eca780c744f",
        "vendor": {
          "name": "Lenovo Group Ltd."
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "591fc40a-affb-3d24-a6f6-14482b7d582a",
        "product": {
          "name": "Power Management Driver"
        },
        "product_version": "ThinkPad X1 Carbon 5th Generation running versions 1.67.12.19 through 1.67.12.23"
      }
    ]
  }
]

Source	Link
support	www.support.lenovo.com/us/en/product_security/LEN-14440
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

4.2Medium risk

Vulners AI Score4.2

CVSS 33.3

CVSS 22.1

EPSS0.00051