Search criteria
9 vulnerabilities by Synaptics
CVE-2025-11772 (GCVE-0-2025-11772)
Vulnerability from cvelistv5 – Published: 2025-12-01 18:55 – Updated: 2025-12-01 19:08
VLAI?
Summary
A carefully crafted DLL, copied to
C:\ProgramData\Synaptics
folder, allows a local user to execute
arbitrary code with elevated privileges during driver installation.
Severity ?
6.6 (Medium)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synaptics | Synaptics Fingerprint Driver |
Affected:
5.5.3521.1066 , < 5.5.3537.1066
(custom)
Affected: 5.5.4012.1052 , < 5.5.4022.1052 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11772",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T19:07:50.756015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T19:08:13.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Synaptics Fingerprint Driver",
"vendor": "Synaptics",
"versions": [
{
"lessThan": "5.5.3537.1066",
"status": "affected",
"version": "5.5.3521.1066",
"versionType": "custom"
},
{
"lessThan": "5.5.4022.1052",
"status": "affected",
"version": "5.5.4012.1052",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A carefully crafted DLL, copied to \n\nC:\\ProgramData\\Synaptics\n\n folder, allows a local user to execute \narbitrary code with elevated privileges during driver installation."
}
],
"value": "A carefully crafted DLL, copied to \n\nC:\\ProgramData\\Synaptics\n\n folder, allows a local user to execute \narbitrary code with elevated privileges during driver installation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T18:55:10.227Z",
"orgId": "54bb2a58-4278-44a9-851f-17e74ee51f48",
"shortName": "Synaptics"
},
"references": [
{
"url": "https://www.synaptics.com/sites/default/files/2025-12/fingerprint-driver-co-installer-security-brief-2025-12-01.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Co-Installer Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bb2a58-4278-44a9-851f-17e74ee51f48",
"assignerShortName": "Synaptics",
"cveId": "CVE-2025-11772",
"datePublished": "2025-12-01T18:55:10.227Z",
"dateReserved": "2025-10-14T23:34:35.678Z",
"dateUpdated": "2025-12-01T19:08:13.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-9157 (GCVE-0-2024-9157)
Vulnerability from cvelistv5 – Published: 2025-03-11 16:28 – Updated: 2025-03-11 19:20
VLAI?
Summary
** UNSUPPORTED WHEN ASSIGNED **
A privilege escalation vulnerability in CxUIUSvc64.exe and
CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized
attacker to load a DLL in a privileged process.
Out of an abundance of caution, this CVE ID is being
assigned to better serve our customers and ensure all who are still running
this product understand that the product is End-of-Life and should be removed.
For more information on this, refer to the CVE Record’s reference information.
Severity ?
7.8 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synaptics | Synaptics Audio Driver |
Affected:
0 , < 9.0.282.*
(custom)
Affected: 0 , < 9.0.285.* (custom) Affected: 0 , < 9.0.278.* (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T19:20:00.613168Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T19:20:21.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Synaptics Audio Driver",
"vendor": "Synaptics",
"versions": [
{
"lessThan": "9.0.282.*",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "9.0.285.*",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "9.0.278.*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e** UNSUPPORTED WHEN ASSIGNED **\u0026nbsp;\u003c/p\u003e\u003cp\u003eA privilege escalation vulnerability in CxUIUSvc64.exe and\nCxUIUSvc32.exe of Synaptics audio drivers allows a local authorized\nattacker to load a DLL in a privileged process.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eOut of an abundance of caution, this CVE ID is being\nassigned to better serve our customers and ensure all who are still running\nthis product understand that the product is End-of-Life and should be removed.\nFor more information on this, refer to the CVE Record\u2019s reference information.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "** UNSUPPORTED WHEN ASSIGNED **\u00a0\n\nA privilege escalation vulnerability in CxUIUSvc64.exe and\nCxUIUSvc32.exe of Synaptics audio drivers allows a local authorized\nattacker to load a DLL in a privileged process.\n\n\nOut of an abundance of caution, this CVE ID is being\nassigned to better serve our customers and ensure all who are still running\nthis product understand that the product is End-of-Life and should be removed.\nFor more information on this, refer to the CVE Record\u2019s reference information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T16:28:06.178Z",
"orgId": "54bb2a58-4278-44a9-851f-17e74ee51f48",
"shortName": "Synaptics"
},
"references": [
{
"url": "https://www.synaptics.com/sites/default/files/2025-03/audio-driver-security-brief-2025-03-11.pdf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Privilege Escalation Vulnerability in CxUIUSvc service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bb2a58-4278-44a9-851f-17e74ee51f48",
"assignerShortName": "Synaptics",
"cveId": "CVE-2024-9157",
"datePublished": "2025-03-11T16:28:06.178Z",
"dateReserved": "2024-09-24T16:04:17.926Z",
"dateUpdated": "2025-03-11T19:20:21.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5447 (GCVE-0-2023-5447)
Vulnerability from cvelistv5 – Published: 2024-05-11 02:41 – Updated: 2024-08-02 07:59
VLAI?
Summary
Missing lock check in SynHsaService may create a use-after-free condition which causes abnormal termination of the service, resulting in denial of service for the Synaptics Hardware Support App.
Severity ?
5.5 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synaptics | Synaptics Fingerprint Driver |
Affected:
6.0.0.1105 , < 6.0.64.1105
(custom)
Affected: 6.0.0.1136 , < 6.0.39.1136 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5447",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:50:04.526651Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:42.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.synaptics.com/sites/default/files/2023-10/fingerprint-driver-HSAService-security-brief-2023-10-13.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Synaptics Fingerprint Driver",
"vendor": "Synaptics",
"versions": [
{
"lessThan": "6.0.64.1105",
"status": "affected",
"version": "6.0.0.1105",
"versionType": "custom"
},
{
"lessThan": "6.0.39.1136",
"status": "affected",
"version": "6.0.0.1136",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing lock check in SynHsaService may create a use-after-free condition which causes abnormal termination of the service, resulting in denial of service for the Synaptics Hardware Support App."
}
],
"value": "Missing lock check in SynHsaService may create a use-after-free condition which causes abnormal termination of the service, resulting in denial of service for the Synaptics Hardware Support App."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-414",
"description": "CWE-414 Missing Lock Check",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-11T02:41:19.627Z",
"orgId": "54bb2a58-4278-44a9-851f-17e74ee51f48",
"shortName": "Synaptics"
},
"references": [
{
"url": "https://www.synaptics.com/sites/default/files/2023-10/fingerprint-driver-HSAService-security-brief-2023-10-13.pdf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use-After-Free in Service for Hardware Support App for Fingerprint Driver",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bb2a58-4278-44a9-851f-17e74ee51f48",
"assignerShortName": "Synaptics",
"cveId": "CVE-2023-5447",
"datePublished": "2024-05-11T02:41:19.627Z",
"dateReserved": "2023-10-06T08:56:49.136Z",
"dateUpdated": "2024-08-02T07:59:44.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6482 (GCVE-0-2023-6482)
Vulnerability from cvelistv5 – Published: 2024-01-27 00:19 – Updated: 2024-10-18 14:42
VLAI?
Summary
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows
an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may
allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the
template database.
Severity ?
5.2 (Medium)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synaptics | Synaptics Fingerprint Driver |
Affected:
6.0.0.1103 , < 6.0.17.1103
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.synaptics.com/sites/default/files/2024-01/fingerprint-driver-encryption-key-security-brief-2024-01-26.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T14:41:18.102766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T14:42:11.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Synaptics Fingerprint Driver",
"vendor": "Synaptics",
"versions": [
{
"lessThan": "6.0.17.1103",
"status": "affected",
"version": "6.0.0.1103",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of encryption key derived from static information in Synaptics Fingerprint Driver allows \n\nan attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor.\u0026nbsp;This may \nallow an attacker, who has physical access to the sensor, to enroll a fingerprint into the \ntemplate database."
}
],
"value": "Use of encryption key derived from static information in Synaptics Fingerprint Driver allows \n\nan attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor.\u00a0This may \nallow an attacker, who has physical access to the sensor, to enroll a fingerprint into the \ntemplate database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-29T16:33:12.763Z",
"orgId": "54bb2a58-4278-44a9-851f-17e74ee51f48",
"shortName": "Synaptics"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.synaptics.com/sites/default/files/2024-01/fingerprint-driver-encryption-key-security-brief-2024-01-26.pdf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Encryption key derived from static host information",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bb2a58-4278-44a9-851f-17e74ee51f48",
"assignerShortName": "Synaptics",
"cveId": "CVE-2023-6482",
"datePublished": "2024-01-27T00:19:15.351Z",
"dateReserved": "2023-12-04T09:46:38.305Z",
"dateUpdated": "2024-10-18T14:42:11.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4936 (GCVE-0-2023-4936)
Vulnerability from cvelistv5 – Published: 2023-10-11 17:00 – Updated: 2024-09-18 18:42
VLAI?
Summary
It is possible to sideload a compromised DLL during the installation at elevated privilege.
Severity ?
5.5 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synaptics | DisplayLink USB Graphics Software for Windows |
Affected:
0 , ≤ 11.1 M1
(custom)
Unaffected: 11.2M0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:52.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.synaptics.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synaptics.com/products/displaylink-graphics/downloads/windows"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synaptics.com/sites/default/files/nr-154525-tc-synaptics_displaylink_windows_driver_security_brief_-_oct2023.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T18:42:15.398969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:42:24.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "DisplayLink USB Graphics Software for Windows",
"vendor": "Synaptics",
"versions": [
{
"lessThanOrEqual": "11.1 M1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "11.2M0"
}
]
}
],
"datePublic": "2023-10-11T16:44:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "It is possible to sideload a compromised DLL during the installation at elevated privilege."
}
],
"value": "It is possible to sideload a compromised DLL during the installation at elevated privilege."
}
],
"impacts": [
{
"capecId": "CAPEC-184",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-184 Software Integrity Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T17:00:07.311Z",
"orgId": "54bb2a58-4278-44a9-851f-17e74ee51f48",
"shortName": "Synaptics"
},
"references": [
{
"url": "https://www.synaptics.com/"
},
{
"url": "https://www.synaptics.com/products/displaylink-graphics/downloads/windows"
},
{
"url": "https://www.synaptics.com/sites/default/files/nr-154525-tc-synaptics_displaylink_windows_driver_security_brief_-_oct2023.pdf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Synaptics-DisplayLink-privilege escalation vulnerability via a dynamic library sideloading",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "update to 11.2M0"
}
],
"value": "update to 11.2M0"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bb2a58-4278-44a9-851f-17e74ee51f48",
"assignerShortName": "Synaptics",
"cveId": "CVE-2023-4936",
"datePublished": "2023-10-11T17:00:07.311Z",
"dateReserved": "2023-09-13T13:08:54.293Z",
"dateUpdated": "2024-09-18T18:42:24.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3675 (GCVE-0-2021-3675)
Vulnerability from cvelistv5 – Published: 2022-06-16 16:15 – Updated: 2024-09-16 17:38
VLAI?
Summary
Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64.
Severity ?
5.5 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synaptics | Synaptics Fingerprint Driver |
Affected:
5.1.xxx.26 , < xxx=340
(custom)
Affected: 5.2.xxxx.26 , < xxxx=3541 (custom) Affected: 5.2.2xx.26 , < xx=29 (custom) Affected: 5.2.3xx.26 , < xx=25 (custom) Affected: 5.3.xxxx.26 , < xxxx=3543 (custom) Affected: 5.5.xx.1058 , < xx=44 (custom) Affected: 5.5.xx.1102 , < xx=34 (custom) Affected: 5.5.xx.1116 , < xx=14 (custom) Affected: 6.0.xx.1104 , < xx=50 (custom) Affected: 6.0.xx.1108 , < xx=31 (custom) Affected: 6.0.xx.1111 , < xx=58 (custom) |
Credits
Synaptics would like to thank Tobias Cloosters and Johannes Willbold for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:08.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://synaptics.com/sites/default/files/2022-06/fingerprint-driver-SGX-security-brief-2022-06-14.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-68054"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_6411153-6411191-16/hpsbhf03797"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86/64"
],
"product": "Synaptics Fingerprint Driver",
"vendor": "Synaptics",
"versions": [
{
"lessThan": "xxx=340",
"status": "affected",
"version": "5.1.xxx.26",
"versionType": "custom"
},
{
"lessThan": "xxxx=3541",
"status": "affected",
"version": "5.2.xxxx.26",
"versionType": "custom"
},
{
"lessThan": "xx=29",
"status": "affected",
"version": "5.2.2xx.26",
"versionType": "custom"
},
{
"lessThan": "xx=25",
"status": "affected",
"version": "5.2.3xx.26",
"versionType": "custom"
},
{
"lessThan": "xxxx=3543",
"status": "affected",
"version": "5.3.xxxx.26",
"versionType": "custom"
},
{
"lessThan": "xx=44",
"status": "affected",
"version": "5.5.xx.1058",
"versionType": "custom"
},
{
"lessThan": "xx=34",
"status": "affected",
"version": "5.5.xx.1102",
"versionType": "custom"
},
{
"lessThan": "xx=14",
"status": "affected",
"version": "5.5.xx.1116",
"versionType": "custom"
},
{
"lessThan": "xx=50",
"status": "affected",
"version": "6.0.xx.1104",
"versionType": "custom"
},
{
"lessThan": "xx=31",
"status": "affected",
"version": "6.0.xx.1108",
"versionType": "custom"
},
{
"lessThan": "xx=58",
"status": "affected",
"version": "6.0.xx.1111",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Synaptics would like to thank Tobias Cloosters and Johannes Willbold for reporting this issue."
}
],
"datePublic": "2022-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T16:15:00",
"orgId": "54bb2a58-4278-44a9-851f-17e74ee51f48",
"shortName": "Synaptics"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://synaptics.com/sites/default/files/2022-06/fingerprint-driver-SGX-security-brief-2022-06-14.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-68054"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hp.com/us-en/document/ish_6411153-6411191-16/hpsbhf03797"
}
],
"solutions": [
{
"lang": "en",
"value": "Listed drivers and above have additional input validation."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "synaTEE.signed.dll Out-Of-Bounds Heap Write",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@synaptics.com",
"DATE_PUBLIC": "2022-06-14T22:44:00.000Z",
"ID": "CVE-2021-3675",
"STATE": "PUBLIC",
"TITLE": "synaTEE.signed.dll Out-Of-Bounds Heap Write"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Synaptics Fingerprint Driver",
"version": {
"version_data": [
{
"platform": "x86/64",
"version_affected": "\u003c",
"version_name": "5.1.xxx.26",
"version_value": "xxx=340"
},
{
"platform": "x86/64",
"version_affected": "\u003c",
"version_name": "5.2.xxxx.26",
"version_value": "xxxx=3541"
},
{
"platform": "x86/64",
"version_affected": "\u003c",
"version_name": "5.2.2xx.26",
"version_value": "xx=29"
},
{
"platform": "x86/64",
"version_affected": "\u003c",
"version_name": "5.2.3xx.26",
"version_value": "xx=25"
},
{
"platform": "x86/64",
"version_affected": "\u003c",
"version_name": "5.3.xxxx.26",
"version_value": "xxxx=3543"
},
{
"platform": "x86/64",
"version_affected": "\u003c",
"version_name": "5.5.xx.1058",
"version_value": "xx=44"
},
{
"platform": "x86/64",
"version_affected": "\u003c",
"version_name": "5.5.xx.1102",
"version_value": "xx=34"
},
{
"platform": "x86/64",
"version_affected": "\u003c",
"version_name": "5.5.xx.1116",
"version_value": "xx=14"
},
{
"platform": "x86/64",
"version_affected": "\u003c",
"version_name": "6.0.xx.1104",
"version_value": "xx=50"
},
{
"platform": "x86/64",
"version_affected": "\u003c",
"version_name": "6.0.xx.1108",
"version_value": "xx=31"
},
{
"platform": "x86/64",
"version_affected": "\u003c",
"version_name": "6.0.xx.1111",
"version_value": "xx=58"
}
]
}
}
]
},
"vendor_name": "Synaptics"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Synaptics would like to thank Tobias Cloosters and Johannes Willbold for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://synaptics.com/sites/default/files/2022-06/fingerprint-driver-SGX-security-brief-2022-06-14.pdf",
"refsource": "CONFIRM",
"url": "https://synaptics.com/sites/default/files/2022-06/fingerprint-driver-SGX-security-brief-2022-06-14.pdf"
},
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-68054",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-68054"
},
{
"name": "https://support.hp.com/us-en/document/ish_6411153-6411191-16/hpsbhf03797",
"refsource": "MISC",
"url": "https://support.hp.com/us-en/document/ish_6411153-6411191-16/hpsbhf03797"
}
]
},
"solution": [
{
"lang": "en",
"value": "Listed drivers and above have additional input validation."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "54bb2a58-4278-44a9-851f-17e74ee51f48",
"assignerShortName": "Synaptics",
"cveId": "CVE-2021-3675",
"datePublished": "2022-06-16T16:15:00.966102Z",
"dateReserved": "2021-08-02T00:00:00",
"dateUpdated": "2024-09-16T17:38:29.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27438 (GCVE-0-2022-27438)
Vulnerability from cvelistv5 – Published: 2022-06-06 22:21 – Updated: 2024-08-03 05:25
VLAI?
Summary
Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:25:32.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://advanced.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://caphyon.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gerr.re/posts/cve-2022-27438/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.advancedinstaller.com/security-updates-auto-updater.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T15:51:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://advanced.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://caphyon.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gerr.re/posts/cve-2022-27438/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.advancedinstaller.com/security-updates-auto-updater.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-27438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://advanced.com",
"refsource": "MISC",
"url": "http://advanced.com"
},
{
"name": "http://caphyon.com",
"refsource": "MISC",
"url": "http://caphyon.com"
},
{
"name": "https://gerr.re/posts/cve-2022-27438/",
"refsource": "MISC",
"url": "https://gerr.re/posts/cve-2022-27438/"
},
{
"name": "https://www.advancedinstaller.com/security-updates-auto-updater.html",
"refsource": "MISC",
"url": "https://www.advancedinstaller.com/security-updates-auto-updater.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-27438",
"datePublished": "2022-06-06T22:21:30",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:25:32.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8337 (GCVE-0-2020-8337)
Vulnerability from cvelistv5 – Published: 2020-06-09 19:50 – Updated: 2024-09-16 18:38
VLAI?
Summary
An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Synaptics Smart Audio UWP App |
Affected:
unspecified , < 1.0.83.0
(custom)
|
Credits
Synaptics would like to thank Michele Dell'Uomo (Quantum Leap Srl - a Deloitte business) for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/len-30707"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Synaptics Smart Audio UWP App",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.0.83.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Synaptics would like to thank Michele Dell\u0027Uomo (Quantum Leap Srl - a Deloitte business) for reporting this issue."
}
],
"datePublic": "2020-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-09T19:50:38",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/len-30707"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 1.0.83.0 (or later) of the Smart Audio app, which installs with the corresponding audio driver version."
}
],
"source": {
"advisory": "LEN-3707",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2020-06-09T18:00:00.000Z",
"ID": "CVE-2020-8337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Synaptics Smart Audio UWP App",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.0.83.0"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Synaptics would like to thank Michele Dell\u0027Uomo (Quantum Leap Srl - a Deloitte business) for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428 Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/len-30707",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/len-30707"
},
{
"name": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf",
"refsource": "MISC",
"url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 1.0.83.0 (or later) of the Smart Audio app, which installs with the corresponding audio driver version."
}
],
"source": {
"advisory": "LEN-3707",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2020-8337",
"datePublished": "2020-06-09T19:50:38.150822Z",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-09-16T18:38:25.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9730 (GCVE-0-2019-9730)
Vulnerability from cvelistv5 – Published: 2019-06-05 15:11 – Updated: 2024-08-04 22:01
VLAI?
Summary
Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an unpublished API.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:01:53.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.synaptics.com/company/blog/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/Jackson_T"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-25822"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an unpublished API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-05T15:11:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.synaptics.com/company/blog/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/Jackson_T"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-25822"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an unpublished API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synaptics.com/company/blog/",
"refsource": "MISC",
"url": "https://www.synaptics.com/company/blog/"
},
{
"name": "https://twitter.com/Jackson_T",
"refsource": "MISC",
"url": "https://twitter.com/Jackson_T"
},
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-25822",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-25822"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9730",
"datePublished": "2019-06-05T15:11:05",
"dateReserved": "2019-03-12T00:00:00",
"dateUpdated": "2024-08-04T22:01:53.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}