Local Privilege Escalation in Huawei ME906s 4G LTE Mobile Broadband Driver - Lenovo Support US

Lenovo Security Advisory: LEN-15815

Potential Impact: Local privilege escalation

Severity: High

**Scope of Impact:**Industry-Wide

**CVE Identifier:**CVE-2017-8185

Summary Description:

A local privilege escalation vulnerability has been discovered in the Huawei ME906s 4G LTE Mobile broadband driver used in some Lenovo ThinkPad products. An attacker with local privileges on a system could execute arbitrary code with administrative privileges.

The ME906s Mobile Broadband Module is an embedded PCI Express M.2 WWAN Card, which enables end users to have mobile access to the internet.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update the Huawei ME906s driver to version 13.1805.10.3 by following the link here: <https://support.lenovo.com/downloads/ds118618&gt;