MidnightBSD

Advisories for synaptics

CVE-2019-18618 LOW

Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp elitebook_x360_1040_g5_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
lenovo thinkpad_p72_firmware *
lenovo thinkpad_p1_gen_2_firmware *
hp elitebook_840_g5_firmware *
hp zhan_66_pro_13_g2_firmware *
lenovo thinkpad_x1_yoga_3rd_gen_firmware *
lenovo thinkpad_p43s_firmware *
lenovo thinkpad_p53_firmware *
lenovo thinkpad_yoga_s1_firmware *
hp elitebook_830_g5_firmware *
lenovo thinkpad_e580_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
synaptics vfs75xx_firmware 5.1.337.26
lenovo thinkpad_x270_firmware *
synaptics vfs75xx_firmware 5.2.524.26
hp elitebook_745_g6_firmware *
lenovo thinkpad_e490s_firmware *
hp elitebook_846_g5_firmware *
hp elite_slice_firmware *
lenovo thinkpad_p52s_firmware *
hp elitebook_x360_1040_g6_firmware *
hp mt44_firmware *
synaptics vfs75xx_firmware 5.5.8.1092
hp zbook_15u_g6_firmware *
hp zbook_15_g6_firmware *
hp elitebook_836_g6_firmware *
lenovo thinkpad_p51s_(20jx)_firmware *
lenovo thinkpad_25_firmware *
hp probook_450_g6_firmware *
lenovo thinkpad_t25_(20k7)_firmware *
lenovo thinkpad_t480_firmware *
lenovo thinkpad_p1_firmware *
lenovo thinkpad_e480_firmware *
hp zhan_x_13_g2_firmware *
hp elitebook_846_g6_firmware *
lenovo thinkpad_t590_firmware *
hp envy_x360_firmware *
hp spectre_x360_firmware *
lenovo thinkpad_e585_firmware *
synaptics vfs75xx_firmware 5.2.3109.26
hp elitebook_x360_830_g5_firmware *
lenovo thinkpad_x390_firmware *
lenovo thinkpad_x1_carbon_(20kx)_firmware *
lenovo thinkpad_t470p_firmware *
lenovo thinkpad_x1_tablet_firmware *
lenovo thinkpad_p73_firmware *
hp elitebook_846_g5_healthcare_edition_firmware *
hp elite_x2_g4_firmware *
lenovo thinkpad_t570_(20hx)_firmware *
lenovo thankpad_a475_firmware *
hp probook_455r_g6_firmware *
synaptics vfs75xx_firmware 5.2.5024.26
hp probook_650_g5_firmware *
hp probook_445r_g6_firmware *
lenovo thinkpad_t580_firmware *
lenovo thinkpad_e485_firmware *
synaptics vfs75xx_firmware 5.5.2734.1050
hp elitebook_1050_g1_firmware *
synaptics vfs75xx_firmware 5.5.17.1099
lenovo thinkpad_x1_extreme_firmware *
lenovo thinkpad_x1_extreme_2nd_firmware *
hp zbook_17_g6_firmware *
hp elitebook_840_g6_firmware *
lenovo thinkpad_t470_(20hx)_firmware *
lenovo thinkpad_e590_firmware *
lenovo thinkpad_r490_firmware *
hp probook_455_g6_firmware *
lenovo thinkpad_r590_firmware *
synaptics vfs75xx_firmware 5.5.17.1102
synaptics vfs75xx_firmware 5.1.5.51
hp mt45_firmware *
synaptics vfs75xx_firmware 5.5.10.1100
lenovo thinkpad_t470_(20jx)_firmware *
hp pro_x2_612_g2_firmware *
hp elite_x2_1012_g2_firmware *
synaptics vfs75xx_firmware 5.2.320.26
lenovo thinkpad_x1_yoga_(20jx)_firmware *
hp elitebook_836_g5_firmware *
hp zbook_17_g5_firmware *
lenovo thinkpad_x1_carbon_(20hx)_firmware *
lenovo thinkpad_p51s_(20hx)_firmware *
hp elitebook_x360_1030_g4_firmware *
hp elite_x2_1013_g3_firmware *
hp zbook_studio_g5_firmware *
lenovo thinkpad_t470s_(20hx)_firmware *
lenovo thinkpad_l580_firmware *
lenovo thinkpad_e490_firmware *
hp elitebook_745_g5_firmware *
hp zbook_studio_x360_g5_firmware *
synaptics vfs75xx_firmware 5.5.10.1106
lenovo thinkpad_x380_yoga_firmware *
hp probook_640_g5_firmware *
lenovo thinkpad_p51_firmware *
hp zhan_66_pro_15_g2_firmware *
hp elitebook_846_g6_healthcare_edition_firmware *
synaptics vfs75xx_firmware 5.5.4.1116
hp elitebook_830_g6_firmware *
lenovo thinkpad_x390_yoga_firmware *
hp probook_440_g6_firmware *
lenovo thankpad_a485_firmware *
hp elitebook_x360_1020_g2_firmware *
lenovo thinkpad_t460p_firmware *
lenovo thinkpad_t490s_firmware *
lenovo thinkpad_t570(20jx)_firmware *
hp zbook_15_g5_firmware *
lenovo thinkpad_yoga_370_firmware *
lenovo thinkpad_s1_3rd_firmware *
hp elitebook_850_g6_firmware *
synaptics vfs75xx_firmware 5.5.502.79
synaptics vfs75xx_firmware 5.5.2810.1050
hp elitebook_1040_g4_firmware *
lenovo thinkpad_p71_(20hx)_firmware *
lenovo thinkpad_yoga_260_firmware *
lenovo thinkpad_p51s_(20kx)_firmware *
lenovo thinkpad_t470s_(20jx)_firmware *
hp probook_430_g6_firmware *
hp zhan_66_pro_14_g2_firmware *
lenovo thinkpad_p53s_firmware *
lenovo thinkpad_x1_tablet_(20jx)_firmware *
lenovo thinkpad_t460s_firmware *
synaptics vfs75xx_firmware 5.5.512.1051
hp probook_445_g6_firmware *
hp zbook_14u_g6_firmware *
hp elitebook_735_g5_firmware *
lenovo thinkpad_t480s_firmware *
lenovo thinkpad_p70_firmware *
lenovo thinkpad_t490_firmware *
lenovo thinkpad_x1_carbon_firmware *
lenovo thinkpad_x1_yoga_4th_gen_firmware *
hp zbook_15u_g5_firmware *
lenovo thinkpad_p52_firmware *
hp elitebook_x360_1030_g2_firmware *
hp eliteone_1000_g1_firmware *
hp pavilion_x360_firmware *
synaptics vfs75xx_firmware 5.5.35.1058
synaptics vfs75xx_firmware 5.3.3541.26
lenovo thinkpad_a275_firmware *
lenovo thinkpad_p50_firmware *
lenovo thinkpad_x280_firmware *
lenovo thinkpad_x1_yoga_firmware *
synaptics vfs75xx_firmware 5.1.3507.26
hp elitebook_850_g5_firmware *
hp zbook_14u_g5_firmware *
lenovo thinkpad_l480_firmware *
hp elitebook_755_g5_firmware *
hp elitebook_x360_1030_g3_firmware *
hp elitebook_735_g6_firmware *
lenovo thinkpad_s3_firmware *
hp elitebook_x360_830_g6_firmware *
synaptics vfs75xx_firmware 5.2.3530.26
hp eliteone_1000_g2_firmware *
CVE-2019-18619 MEDIUM

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-763,

Products Affected

Vendor Product Version
hp envy_17m-ce0xxx_firmware *
lenovo thinkpad_p72_firmware *
hp envy_x360_-_15t-cn000_firmware *
lenovo thinkpad_p1_gen_2_firmware *
hp pavilion_14m-dh0xxx_x360_firmware *
lenovo thinkpad_x1_yoga_3rd_gen_firmware *
hp pavilion_14-cd1xxx_x360_firmware *
lenovo thinkpad_p43s_firmware *
hp envy_15-dr0xxx_x360_firmware *
lenovo thinkpad_p53_firmware *
hp envy_15m-dr1xxx_x360_firmware *
lenovo thinkpad_yoga_s1_firmware *
lenovo thinkpad_e580_firmware *
lenovo thinkpad_x270_firmware *
hp envy_17-ce1xxx_firmware *
synaptics vfs75xx_firmware 5.2.524.26
hp envy_15-dr1xxx_x360_firmware *
lenovo thinkpad_e490s_firmware *
lenovo thinkpad_p52s_firmware *
lenovo thinkpad_p51s_(20jx)_firmware *
hp envy_15-cn1xxx_x360_firmware *
lenovo thinkpad_25_firmware *
lenovo thinkpad_t25_(20k7)_firmware *
hp envy_15-cn0xxx_x360_firmware *
lenovo thinkpad_t480_firmware *
lenovo thinkpad_p1_firmware *
lenovo thinkpad_e480_firmware *
hp pavilion_x360_-_15t-dq000_firmware *
lenovo thinkpad_t590_firmware *
hp pavilion_x360_14t-dh000_firmware *
hp spectre_x360_firmware *
lenovo thinkpad_e585_firmware *
synaptics vfs75xx_firmware 6.0.32.1104
hp envy_13-aq1xxx_firmware *
lenovo thinkpad_x390_firmware *
lenovo thinkpad_x1_carbon_(20kx)_firmware *
hp envy_x360_-_15t-dr000_(validity_fps)_firmware *
lenovo thinkpad_t470p_firmware *
lenovo thinkpad_x1_tablet_firmware *
lenovo thinkpad_p73_firmware *
hp envy_-_13t-aq100_firmware *
lenovo thinkpad_t570_(20hx)_firmware *
hp envy_13-ah0xxx_firmware *
lenovo thankpad_a475_firmware *
synaptics vfs75xx_firmware 5.6.23.1000
synaptics vfs75xx_firmware 5.5.8.1096
lenovo thinkpad_t580_firmware *
lenovo thinkpad_e485_firmware *
synaptics vfs75xx_firmware 5.5.2734.1050
synaptics vfs75xx_firmware 5.2.225.26
hp envy_15m-dr1xxx_x360_(validity_fps)_firmware *
lenovo thinkpad_x1_extreme_firmware *
lenovo thinkpad_x1_extreme_2nd_firmware *
hp pavilion_14-dh0xxx_x360_firmware *
hp pavilion_x360_-_14t-cd000_firmware *
lenovo thinkpad_t470_(20hx)_firmware *
hp envy_15m-dr0xxx_x360_firmware *
lenovo thinkpad_e590_firmware *
lenovo thinkpad_r490_firmware *
lenovo thinkpad_r590_firmware *
hp envy_x360_-_15t-dr100_firmware *
lenovo thinkpad_t470_(20jx)_firmware *
synaptics vfs75xx_firmware 6.0.42.1107
lenovo thinkpad_x1_yoga_(20jx)_firmware *
lenovo thinkpad_x1_carbon_(20hx)_firmware *
synaptics vfs75xx_firmware 5.5.11.1106
lenovo thinkpad_p51s_(20hx)_firmware *
synaptics vfs75xx_firmware 5.5.2811.1050
lenovo thinkpad_t470s_(20hx)_firmware *
lenovo thinkpad_l580_firmware *
lenovo thinkpad_e490_firmware *
hp pavilion_14-cd2xxx_x360_firmware *
lenovo thinkpad_x380_yoga_firmware *
hp envy_15-dr0xxx_x360_(validity_fps)_firmware *
hp envy_-_17t-bw000_firmware *
lenovo thinkpad_p51_firmware *
lenovo thinkpad_x390_yoga_firmware *
hp envy_17m-ce1xxx_firmware *
lenovo thankpad_a485_firmware *
synaptics vfs75xx_firmware 5.5.15.1102
hp envy_15m-cn0xxx_x360_firmware *
synaptics vfs75xx_firmware 5.2.318.26
lenovo thinkpad_t460p_firmware *
lenovo thinkpad_t490s_firmware *
lenovo thinkpad_t570(20jx)_firmware *
lenovo thinkpad_yoga_370_firmware *
lenovo thinkpad_s1_3rd_firmware *
synaptics vfs75xx_firmware 5.3.3539.26
synaptics vfs75xx_firmware 5.5.38.1058
hp envy_-_13t-ah100_firmware *
lenovo thinkpad_p71_(20hx)_firmware *
lenovo thinkpad_yoga_260_firmware *
lenovo thinkpad_p51s_(20kx)_firmware *
lenovo thinkpad_t470s_(20jx)_firmware *
hp pavilion_x360_14t-cd100_firmware *
hp pavilion_15_firmware *
hp pavilion_14m-cd0xxx_x360_firmware *
hp envy_13-ah1xxx_firmware *
lenovo thinkpad_p53s_firmware *
lenovo thinkpad_x1_tablet_(20jx)_firmware *
synaptics vfs75xx_firmware 5.5.10.1093
lenovo thinkpad_t460s_firmware *
hp envy_13-aq0xxx_firmware *
lenovo thinkpad_t480s_firmware *
lenovo thinkpad_p70_firmware *
lenovo thinkpad_t490_firmware *
synaptics vfs75xx_firmware 5.5.3.1116
hp envy_-_17t-ce000_firmware *
hp envy_17-ce0xxx_firmware *
lenovo thinkpad_x1_carbon_firmware *
lenovo thinkpad_x1_yoga_4th_gen_firmware *
hp envy_15m-dr0xxx_x360_(validity_fps)_firmware *
lenovo thinkpad_p52_firmware *
hp envy_-_17t-ce100_firmware *
hp envy_x360_-_15t-dr100_(validity_fps)_firmware *
synaptics vfs75xx_firmware 6.0.14.1108
hp envy_17-bw0xxx_firmware *
hp envy_15-dr1xxx_x360_(validity_fps)_firmware *
lenovo thinkpad_a275_firmware *
lenovo thinkpad_p50_firmware *
hp envy_x360_-_15t-dr000_firmware *
lenovo thinkpad_x280_firmware *
hp pavilion_x360_-_15t-dq100_firmware *
lenovo thinkpad_x1_yoga_firmware *
lenovo thinkpad_l480_firmware *
hp envy_17m-bw0xxx_firmware *
lenovo thinkpad_s3_firmware *
synaptics vfs75xx_firmware 5.2.3530.26
CVE-2019-9730 HIGH

Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an unpublished API.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
synaptics sound_device *
CVE-2020-8337 HIGH

An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-428,CWE-428,

Products Affected

Vendor Product Version
synaptics smart_audio_uwp *
CVE-2021-3675 LOW

Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
PSIRT@synaptics.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,CWE-787,

Products Affected

Vendor Product Version
synaptics fingerprint_driver *
CVE-2022-27438 MEDIUM

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-494,

Products Affected

Vendor Product Version
moonsoftware password_agent 20.10.1
getmailbird mailbird 2.9.50.0
rstinstruments vw0420_firmware 1.33.0
rstinstruments inclinalysis_digital_inclinometer 2.48.9
gainedge better_explorer 2020.3.15.1304
vpnhood vpnhood 2.4.299
rstinstruments ipi_utility 1.05.0
rstinstruments portable_tilt_meter_firmware 1.20.1
realdefense mycleanid 4.1.4
krylack archive_password_recovery 3.70.69
rstinstruments dt2050_firmware 1.19.4.0
rstinstruments ma7_firmware 1.4.0.2
rstinstruments dt2350_firmware 1.19.4.0
rstinstruments dt2040_firmware 1.19.4.0
rstinstruments th2016_firmware 1.4.0.2
krylack rar_password_recovery 3.70.69
rstinstruments gaa2820_firmware 1.19.4.0
honeygain honeygain 0.10.7.0
rstinstruments mems_tilt_meter_firmware 1.20.1
3cx crm_template_generator 2.1.23
rstinstruments lp100_firmware 1.4.0.2
rstinstruments th2016b_firmware 1.4.0.2
rstinstruments ir420_firmware 1.4.0.2
rstinstruments c109_firmware 1.4.0.2
synaptics displaylink_usb_graphics *
rstinstruments dtsaa_firmware 1.19.4.0
rstinstruments dtl201b/2b_firmware 1.19.4.0
rstinstruments dt2306_firmware 1.19.4.0
nefarius scptoolkit 1.6.238.16010
rstinstruments dt2055b_firmware 1.19.4.0
urban-vpn urban_vpn 2.2.5
prusa3d prusaslicer 2.4.2
krylack burning_suite 1.20.05
krylack zip_password_recovery 3.70.69
rovio angry_birds_space 1.4.1
rstinstruments dt2011b_firmware 1.19.4.0
plagiarismcheckerx plagiarism_checker_x 8.0.6
freesnippingtool free_snipping_tool 5.6.0.0
rstinstruments dt2050b_firmware 1.19.4.0
rstinstruments dt4205_firmware 1.19.4.0
rstinstruments sg350_firmware 1.4.0.2
rstinstruments ic6560_firmware 1.19.4.0
vrdesktop virtual_desktop_streamer 1.20.16
rstinstruments rstar_rtu_host 1.33.0
rstinstruments qb120_firmware 1.4.0.2
gamecaster gamecaster 4.0.2109.2802
krylack volume_serial_number_editor 2.02.34
rstinstruments ic6660_firmware 1.19.4.0
rstinstruments vw2106_firmware -
3cx call_flow_designer 18.2.13
boom boomtv_streamer_portal 2.2.1
flamory flamory 4.2.19.0
vigem vigembus_driver 1.16.116
realdefense mycleanpc 4.0.2
realdefense mypasslock 1.9.6
rstinstruments dt2485_firmware 1.19.4.0
caphyon advanced_installer *
jki vi_package_manager 21.1.2754
rovio bad_piggies 1.3.0
rstinstruments rtu_firmware 1.19.4.0
emeditor emeditor 21.3.0
krylack asterisks_password_decryptor 3.31.107
rstinstruments dt2011_firmware 1.19.4.0
jpsoft take_command 28.2.18
fxsound fxsound 1.1.12.0
guzogo guzogo 1.0.5.0
codesector direct_folders 4.0
xsplit xsplit_express_video_editor 3.0.2001.801
rstinstruments mtcm_firmware 1.19.4.0
codesector teracopy 3.8.5
CVE-2023-4936

It is possible to sideload a compromised DLL during the installation at elevated privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
PSIRT@synaptics.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L 0.8 4.7
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
synaptics displaylink_usb_graphics *
synaptics displaylink *
CVE-2023-6482

Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
PSIRT@synaptics.com 5.2 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N 0.9 4.2
nvd@nist.gov 5.2 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N 0.9 4.2

Products Affected

Vendor Product Version
synaptics fingerprint_driver *