CVE-2026-58583 漏洞概述 标题: FluxInk Color Management Driver local privilege escalation 描述: FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly. CNA: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government 更新: 2026-07-07 发布: 2026-07-07 影响范围 产品: Color Management Driver 供应商: FluxInk 受影响版本: 1.0.7.2 修复方案 修复版本: 1.0.7.6 获取方式: Windows Update 或 Lenovo 直接提供 其他信息 CWE: CWE-269: Improper Privilege Management CVSS: - Score: 7.1 (HIGH), 8.4 (HIGH) - Version: 3.1, 4.0 - Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N, CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:NVC:HVI:HNA:N/SC:N/NE: Credits: Julian Horoszkiewicz, Atos Threat Research Center References: - github.com: url - third-party-advisory - github.com: url - exploit - cve.org: url - vdb-entry - raw.githubusercontent.com: url - third-party-advisory