Lenovo Security Advisory: LEN-15815
Potential Impact: Local privilege escalation
Severity: High
**Scope of Impact:**Industry-Wide
**CVE Identifier:**CVE-2017-8185
Summary Description:
A local privilege escalation vulnerability has been discovered in the Huawei ME906s 4G LTE Mobile broadband driver used in some Lenovo ThinkPad products. An attacker with local privileges on a system could execute arbitrary code with administrative privileges.
The ME906s Mobile Broadband Module is an embedded PCI Express M.2 WWAN Card, which enables end users to have mobile access to the internet.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update the Huawei ME906s driver to version 13.1805.10.3 by following the link here: <https://support.lenovo.com/downloads/ds118618>