CVE-2026-58583

high

Description

FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly.

References

https://www.cve.org/CVERecord?id=CVE-2026-58583

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-188-01.json

https://github.com/b3s3da/TcnPeripheral64_PoC/security/advisories/GHSA-x4rw-h4v2-v83h

https://github.com/b3s3da/TcnPeripheral64_PoC

Details

Source: Mitre, NVD

Published: 2026-07-07

Updated: 2026-07-07

Risk Information

CVSS v2

Base Score: 6.2

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:N

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High

CVSS v4

Base Score: 8.4

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Severity: High