CVE-2019-18619 | Severity.io

Description

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.

Related CPE's

o

synaptics

vfs75xx_firmware

17

thinkpad_25_firmware

Vulnerable

thankpad_a475_firmware

Vulnerable

thankpad_a485_firmware

Vulnerable

thinkpad_e480_firmware

Vulnerable

thinkpad_e580_firmware

Vulnerable

thinkpad_e485_firmware

Vulnerable

thinkpad_e585_firmware

Vulnerable

thinkpad_e490s_firmware

Vulnerable

thinkpad_s3_firmware

Vulnerable

thinkpad_e490_firmware

Vulnerable

thinkpad_e590_firmware

Vulnerable

thinkpad_r490_firmware

Vulnerable

thinkpad_r590_firmware

Vulnerable

thinkpad_l480_firmware

Vulnerable

thinkpad_l580_firmware

Vulnerable

thinkpad_p1_firmware

Vulnerable

thinkpad_p1_gen_2_firmware

Vulnerable

thinkpad_p1_gen_2

thinkpad_x1_extreme_2nd_firmware

Vulnerable

thinkpad_x1_extreme_2nd

thinkpad_p43s_firmware

Vulnerable

thinkpad_p50_firmware

Vulnerable

thinkpad_p51_firmware

Vulnerable

thinkpad_p51s_\(20jx\)_firmware

Vulnerable

thinkpad_p51s_\(20jx\)

thinkpad_p51s_\(20kx\)_firmware

Vulnerable

thinkpad_p51s_\(20kx\)

thinkpad_p51s_\(20hx\)_firmware

Vulnerable

thinkpad_p51s_\(20hx\)

thinkpad_p52_firmware

Vulnerable

thinkpad_p52s_firmware

Vulnerable

thinkpad_p53_firmware

Vulnerable

thinkpad_p53s_firmware

Vulnerable

thinkpad_p70_firmware

Vulnerable

thinkpad_p71_\(20hx\)_firmware

Vulnerable

thinkpad_p71_\(20hx\)

thinkpad_p72_firmware

Vulnerable

thinkpad_p73_firmware

Vulnerable

thinkpad_t25_\(20k7\)_firmware

Vulnerable

thinkpad_t25_\(20k7\)

thinkpad_t460p_firmware

Vulnerable

thinkpad_t460s_firmware

Vulnerable

thinkpad_t470_\(20hx\)_firmware

Vulnerable

thinkpad_t470_\(20hx\)

thinkpad_t470_\(20jx\)_firmware

Vulnerable

thinkpad_t470_\(20jx\)

thinkpad_t470p_firmware

Vulnerable

thinkpad_t470s_\(20hx\)_firmware

Vulnerable

thinkpad_t470s_\(20hx\)

thinkpad_t470s_\(20jx\)_firmware

Vulnerable

thinkpad_t470s_\(20jx\)

thinkpad_t480_firmware

Vulnerable

thinkpad_t480s_firmware

Vulnerable

thinkpad_t490_firmware

Vulnerable

thinkpad_t490s_firmware

Vulnerable

thinkpad_t570_\(20hx\)_firmware

Vulnerable

thinkpad_t570_\(20hx\)

thinkpad_t570\(20jx\)_firmware

Vulnerable

thinkpad_t570\(20jx\)

thinkpad_t580_firmware

Vulnerable

thinkpad_t590_firmware

Vulnerable

thinkpad_x1_carbon_\(20hx\)_firmware

Vulnerable

thinkpad_x1_carbon_\(20hx\)

thinkpad_x1_carbon_\(20kx\)_firmware

Vulnerable

thinkpad_x1_carbon_\(20kx\)

thinkpad_x1_carbon_firmware

Vulnerable

thinkpad_x1_carbon

thinkpad_x1_yoga_4th_gen_firmware

Vulnerable

thinkpad_x1_yoga_4th_gen

thinkpad_x1_extreme_firmware

Vulnerable

thinkpad_x1_extreme

thinkpad_x1_tablet_firmware

Vulnerable

thinkpad_x1_tablet

thinkpad_x1_tablet_\(20jx\)_firmware

Vulnerable

thinkpad_x1_tablet_\(20jx\)

thinkpad_x1_yoga_firmware

Vulnerable

thinkpad_x1_yoga

thinkpad_x1_yoga_\(20jx\)_firmware

Vulnerable

thinkpad_x1_yoga_\(20jx\)

thinkpad_x1_yoga_3rd_gen_firmware

Vulnerable

thinkpad_x1_yoga_3rd_gen

thinkpad_x270_firmware

Vulnerable

thinkpad_x280_firmware

Vulnerable

thinkpad_x380_yoga_firmware

Vulnerable

thinkpad_x380_yoga

thinkpad_x390_firmware

Vulnerable

thinkpad_x390_yoga_firmware

Vulnerable

thinkpad_x390_yoga

thinkpad_yoga_370_firmware

Vulnerable

thinkpad_yoga_370

thinkpad_s1_3rd_firmware

Vulnerable

thinkpad_s1_3rd

thinkpad_yoga_260_firmware

Vulnerable

thinkpad_yoga_260

thinkpad_yoga_s1_firmware

Vulnerable

thinkpad_yoga_s1

thinkpad_a275_firmware

Vulnerable

envy_-_13t-ah100_firmware

Vulnerable

envy_-_13t-ah100

envy_-_13t-aq100_firmware

Vulnerable

envy_-_13t-aq100

envy_13-ah0xxx_firmware

Vulnerable

envy_13-ah1xxx_firmware

Vulnerable

envy_13-aq0xxx_firmware

Vulnerable

envy_13-aq1xxx_firmware

Vulnerable

envy_-_17t-bw000_firmware

Vulnerable

envy_-_17t-bw000

envy_-_17t-ce000_firmware

Vulnerable

envy_-_17t-ce000

envy_-_17t-ce100_firmware

Vulnerable

envy_-_17t-ce100

envy_17-bw0xxx_firmware

Vulnerable

envy_17-ce0xxx_firmware

Vulnerable

envy_17-ce1xxx_firmware

Vulnerable

envy_17m-bw0xxx_firmware

Vulnerable

envy_17m-bw0xxx

envy_17m-ce0xxx_firmware

Vulnerable

envy_17m-ce0xxx

envy_17m-ce1xxx_firmware

Vulnerable

envy_17m-ce1xxx

envy_x360_-_15t-cn000_firmware

Vulnerable

envy_x360_-_15t-cn000

envy_x360_-_15t-dr000_firmware

Vulnerable

envy_x360_-_15t-dr000

envy_x360_-_15t-dr000_\(validity_fps\)_firmware

Vulnerable

envy_x360_-_15t-dr000_\(validity_fps\)

envy_x360_-_15t-dr100_firmware

Vulnerable

envy_x360_-_15t-dr100

envy_x360_-_15t-dr100_\(validity_fps\)_firmware

Vulnerable

envy_x360_-_15t-dr100_\(validity_fps\)

envy_15-cn0xxx_x360_firmware

Vulnerable

envy_15-cn0xxx_x360

envy_15-cn1xxx_x360_firmware

Vulnerable

envy_15-cn1xxx_x360

envy_15-dr0xxx_x360_firmware

Vulnerable

envy_15-dr0xxx_x360

envy_15-dr0xxx_x360_\(validity_fps\)_firmware

Vulnerable

envy_15-dr0xxx_x360_\(validity_fps\)

envy_15-dr1xxx_x360_firmware

Vulnerable

envy_15-dr1xxx_x360

envy_15-dr1xxx_x360_\(validity_fps\)_firmware

Vulnerable

envy_15-dr1xxx_x360_\(validity_fps\)

envy_15m-cn0xxx_x360_firmware

Vulnerable

envy_15m-cn0xxx_x360

envy_15m-dr0xxx_x360_firmware

Vulnerable

envy_15m-dr0xxx_x360

envy_15m-dr0xxx_x360_\(validity_fps\)_firmware

Vulnerable

envy_15m-dr0xxx_x360_\(validity_fps\)

envy_15m-dr1xxx_x360_firmware

Vulnerable

envy_15m-dr1xxx_x360

envy_15m-dr1xxx_x360_\(validity_fps\)_firmware

Vulnerable

envy_15m-dr1xxx_x360_\(validity_fps\)

pavilion_x360_-_14t-cd000_firmware

Vulnerable

pavilion_x360_-_14t-cd000

pavilion_x360_-_15t-dq000_firmware

Vulnerable

pavilion_x360_-_15t-dq000

pavilion_x360_-_15t-dq100_firmware

Vulnerable

pavilion_x360_-_15t-dq100

pavilion_x360_14t-cd100_firmware

Vulnerable

pavilion_x360_14t-cd100

pavilion_x360_14t-dh000_firmware

Vulnerable

pavilion_x360_14t-dh000

pavilion_14-cd1xxx_x360_firmware

Vulnerable

pavilion_14-cd1xxx_x360

pavilion_14-cd2xxx_x360_firmware

Vulnerable

pavilion_14-cd2xxx_x360

pavilion_14-dh0xxx_x360_firmware

Vulnerable

pavilion_14-dh0xxx_x360

pavilion_14m-cd0xxx_x360_firmware

Vulnerable

pavilion_14m-cd0xxx_x360

pavilion_14m-dh0xxx_x360_firmware

Vulnerable

pavilion_14m-dh0xxx_x360

pavilion_15_firmware

Vulnerable

spectre_x360_firmware

Vulnerable

References

https://support.hp.com/hk-en/document/c06696568

PatchThird Party Advisory

https://support.lenovo.com/us/en/product_security/LEN-31372

PatchThird Party Advisory

https://www.synaptics.com/company/blog/

Vendor Advisory

https://www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf

Vendor Advisory

https://www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software/

Vendor Advisory

Weaknesses

[email protected]

Primary

CWE-763

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2020-07-22T14:15:14.797

4 years ago

Last modified

2020-07-30T19:28:34.910

4 years ago