CVE-2026-58583 PUBLISHED

FluxInk Color Management Driver local privilege escalation

Assigner: cisa-cg
Reserved: 01.07.2026 Published: 07.07.2026 Updated: 07.07.2026

FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVSS Score: 8.4

Product Status

Vendor FluxInk
Product Color Management Driver
Versions Default: unknown
  • affected from 0 to 1.0.7.6 (excl.)
  • Version 1.0.7.6 is unaffected

Credits

  • Julian Horoszkiewicz, Atos Threat Research Center

References

Problem Types

  • CWE-269 Improper Privilege Management CWE