VIR Vulnerability Intelligence Relay

CVE-2017-3758

critical
Published 2017-10-17 · Modified 2026-05-13
CVSS v3
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2
7.5
VIR risk
9.8

Description

Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution.

Predictions

Exploit likelihood
97%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@lenovo.com — https://support.lenovo.com/us/en/product_security/LEN-15374

Application impact
VendorProductVersionsFixed
lenovoservice_framework-

References

Verify integrity in audit chain (admin only). AS-IS.