Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-18619

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.

Published

2020-07-22T14:15:14.797

Last Modified

2024-11-21T04:33:22.597

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-763

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	synaptics	vfs75xx_firmware	5.2.225.26	Yes
Operating System	synaptics	vfs75xx_firmware	5.2.318.26	Yes
Operating System	synaptics	vfs75xx_firmware	5.2.524.26	Yes
Operating System	synaptics	vfs75xx_firmware	5.2.3530.26	Yes
Operating System	synaptics	vfs75xx_firmware	5.3.3539.26	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.3.1116	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.8.1096	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.10.1093	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.11.1106	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.15.1102	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.38.1058	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.2734.1050	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.2811.1050	Yes
Operating System	synaptics	vfs75xx_firmware	5.6.23.1000	Yes
Operating System	synaptics	vfs75xx_firmware	6.0.14.1108	Yes
Operating System	synaptics	vfs75xx_firmware	6.0.32.1104	Yes
Operating System	synaptics	vfs75xx_firmware	6.0.42.1107	Yes
Hardware	synaptics	vfs75xx	-	No
Operating System	lenovo	thinkpad_25_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_25	-	No
Operating System	lenovo	thankpad_a475_firmware	< 5.02.3539.0026	Yes
Hardware	lenovo	thankpad_a475	-	No
Operating System	lenovo	thankpad_a485_firmware	< 5.03.3542.0026	Yes
Hardware	lenovo	thankpad_a485	-	No
Operating System	lenovo	thinkpad_e480_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e480	-	No
Operating System	lenovo	thinkpad_e580_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e580	-	No
Operating System	lenovo	thinkpad_e485_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e485	-	No
Operating System	lenovo	thinkpad_e585_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e585	-	No
Operating System	lenovo	thinkpad_e490s_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e490s	-	No
Operating System	lenovo	thinkpad_s3_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_s3	-	No
Operating System	lenovo	thinkpad_e490_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e490	-	No
Operating System	lenovo	thinkpad_e590_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e590	-	No
Operating System	lenovo	thinkpad_r490_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_r490	-	No
Operating System	lenovo	thinkpad_r590_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_r590	-	No
Operating System	lenovo	thinkpad_l480_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_l480	-	No
Operating System	lenovo	thinkpad_l580_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_l580	-	No
Operating System	lenovo	thinkpad_p1_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_p1	-	No
Operating System	lenovo	thinkpad_p1_gen_2_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_p1_gen_2	-	No
Operating System	lenovo	thinkpad_x1_extreme_2nd_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_x1_extreme_2nd	-	No
Operating System	lenovo	thinkpad_p43s_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_p43s	-	No
Operating System	lenovo	thinkpad_p50_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_p50	-	No
Operating System	lenovo	thinkpad_p51_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_p51	-	No
Operating System	lenovo	thinkpad_p51s_\(20jx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_p51s_\(20jx\)	-	No
Operating System	lenovo	thinkpad_p51s_\(20kx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_p51s_\(20kx\)	-	No
Operating System	lenovo	thinkpad_p51s_\(20hx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_p51s_\(20hx\)	-	No
Operating System	lenovo	thinkpad_p52_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_p52	-	No
Operating System	lenovo	thinkpad_p52s_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_p52s	-	No
Operating System	lenovo	thinkpad_p53_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_p53	-	No
Operating System	lenovo	thinkpad_p53s_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_p53s	-	No
Operating System	lenovo	thinkpad_p70_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_p70	-	No
Operating System	lenovo	thinkpad_p71_\(20hx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_p71_\(20hx\)	-	No
Operating System	lenovo	thinkpad_p72_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_p72	-	No
Operating System	lenovo	thinkpad_p73_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_p73	-	No
Operating System	lenovo	thinkpad_t25_\(20k7\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t25_\(20k7\)	-	No
Operating System	lenovo	thinkpad_t460p_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_t460p	-	No
Operating System	lenovo	thinkpad_t460s_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_t460s	-	No
Operating System	lenovo	thinkpad_t470_\(20hx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t470_\(20hx\)	-	No
Operating System	lenovo	thinkpad_t470_\(20jx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t470_\(20jx\)	-	No
Operating System	lenovo	thinkpad_t470p_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t470p	-	No
Operating System	lenovo	thinkpad_t470s_\(20hx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t470s_\(20hx\)	-	No
Operating System	lenovo	thinkpad_t470s_\(20jx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t470s_\(20jx\)	-	No
Operating System	lenovo	thinkpad_t480_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_t480	-	No
Operating System	lenovo	thinkpad_t480s_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_t480s	-	No
Operating System	lenovo	thinkpad_t490_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_t490	-	No
Operating System	lenovo	thinkpad_t490s_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_t490s	-	No
Operating System	lenovo	thinkpad_t570_\(20hx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t570_\(20hx\)	-	No
Operating System	lenovo	thinkpad_t570\(20jx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t570\(20jx\)	-	No
Operating System	lenovo	thinkpad_t580_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_t580	-	No
Operating System	lenovo	thinkpad_t590_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_t590	-	No
Operating System	lenovo	thinkpad_x1_carbon_\(20hx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_x1_carbon_\(20hx\)	-	No
Operating System	lenovo	thinkpad_x1_carbon_\(20kx\)_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_x1_carbon_\(20kx\)	-	No
Operating System	lenovo	thinkpad_x1_carbon_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_x1_carbon	-	No
Operating System	lenovo	thinkpad_x1_yoga_4th_gen_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_x1_yoga_4th_gen	-	No
Operating System	lenovo	thinkpad_x1_extreme_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_x1_extreme	-	No
Operating System	lenovo	thinkpad_x1_tablet_firmware	< 5.5.40.1058	Yes
Hardware	lenovo	thinkpad_x1_tablet	-	No
Operating System	lenovo	thinkpad_x1_tablet_\(20jx\)_firmware	< 5.2.227.26	Yes
Hardware	lenovo	thinkpad_x1_tablet_\(20jx\)	-	No
Operating System	lenovo	thinkpad_x1_yoga_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_x1_yoga	-	No
Operating System	lenovo	thinkpad_x1_yoga_\(20jx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_x1_yoga_\(20jx\)	-	No
Operating System	lenovo	thinkpad_x1_yoga_3rd_gen_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_x1_yoga_3rd_gen	-	No
Operating System	lenovo	thinkpad_x270_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_x270	-	No
Operating System	lenovo	thinkpad_x280_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_x280	-	No
Operating System	lenovo	thinkpad_x380_yoga_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_x380_yoga	-	No
Operating System	lenovo	thinkpad_x390_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_x390	-	No
Operating System	lenovo	thinkpad_x390_yoga_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_x390_yoga	-	No
Operating System	lenovo	thinkpad_yoga_370_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_yoga_370	-	No
Operating System	lenovo	thinkpad_s1_3rd_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_s1_3rd	-	No
Operating System	lenovo	thinkpad_yoga_260_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_yoga_260	-	No
Operating System	lenovo	thinkpad_yoga_s1_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_yoga_s1	-	No
Operating System	lenovo	thinkpad_a275_firmware	< 5.2.3535.26	Yes
Hardware	lenovo	thinkpad_a275	-	No
Operating System	hp	envy_-_13t-ah100_firmware	< 5.5.11.1093	Yes
Hardware	hp	envy_-_13t-ah100	-	No
Operating System	hp	envy_-_13t-aq100_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_-_13t-aq100	-	No
Operating System	hp	envy_13-ah0xxx_firmware	< 5.5.11.1093	Yes
Hardware	hp	envy_13-ah0xxx	-	No
Operating System	hp	envy_13-ah1xxx_firmware	< 5.5.11.1093	Yes
Hardware	hp	envy_13-ah1xxx	-	No
Operating System	hp	envy_13-aq0xxx_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_13-aq0xxx	-	No
Operating System	hp	envy_13-aq1xxx_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_13-aq1xxx	-	No
Operating System	hp	envy_-_17t-bw000_firmware	< 5.5.11.1093	Yes
Hardware	hp	envy_-_17t-bw000	-	No
Operating System	hp	envy_-_17t-ce000_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_-_17t-ce000	-	No
Operating System	hp	envy_-_17t-ce100_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_-_17t-ce100	-	No
Operating System	hp	envy_17-bw0xxx_firmware	< 5.5.11.1093	Yes
Hardware	hp	envy_17-bw0xxx	-	No
Operating System	hp	envy_17-ce0xxx_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_17-ce0xxx	-	No
Operating System	hp	envy_17-ce1xxx_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_17-ce1xxx	-	No
Operating System	hp	envy_17m-bw0xxx_firmware	< 5.5.11.1093	Yes
Hardware	hp	envy_17m-bw0xxx	-	No
Operating System	hp	envy_17m-ce0xxx_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_17m-ce0xxx	-	No
Operating System	hp	envy_17m-ce1xxx_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_17m-ce1xxx	-	No
Operating System	hp	envy_x360_-_15t-cn000_firmware	< 5.5.11.1093	Yes
Hardware	hp	envy_x360_-_15t-cn000	-	No
Operating System	hp	envy_x360_-_15t-dr000_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_x360_-_15t-dr000	-	No
Operating System	hp	envy_x360_-_15t-dr000_\(validity_fps\)_firmware	< 5.5.26.1102	Yes
Hardware	hp	envy_x360_-_15t-dr000_\(validity_fps\)	-	No
Operating System	hp	envy_x360_-_15t-dr100_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_x360_-_15t-dr100	-	No
Operating System	hp	envy_x360_-_15t-dr100_\(validity_fps\)_firmware	< 5.5.26.1102	Yes
Hardware	hp	envy_x360_-_15t-dr100_\(validity_fps\)	-	No
Operating System	hp	envy_15-cn0xxx_x360_firmware	< 5.5.11.1093	Yes
Hardware	hp	envy_15-cn0xxx_x360	-	No
Operating System	hp	envy_15-cn1xxx_x360_firmware	< 5.5.11.1093	Yes
Hardware	hp	envy_15-cn1xxx_x360	-	No
Operating System	hp	envy_15-dr0xxx_x360_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_15-dr0xxx_x360	-	No
Operating System	hp	envy_15-dr0xxx_x360_\(validity_fps\)_firmware	< 5.5.26.1102	Yes
Hardware	hp	envy_15-dr0xxx_x360_\(validity_fps\)	-	No
Operating System	hp	envy_15-dr1xxx_x360_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_15-dr1xxx_x360	-	No
Operating System	hp	envy_15-dr1xxx_x360_\(validity_fps\)_firmware	< 5.5.26.1102	Yes
Hardware	hp	envy_15-dr1xxx_x360_\(validity_fps\)	-	No
Operating System	hp	envy_15m-cn0xxx_x360_firmware	< 5.5.11.1093	Yes
Hardware	hp	envy_15m-cn0xxx_x360	-	No
Operating System	hp	envy_15m-dr0xxx_x360_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_15m-dr0xxx_x360	-	No
Operating System	hp	envy_15m-dr0xxx_x360_\(validity_fps\)_firmware	< 5.5.26.1102	Yes
Hardware	hp	envy_15m-dr0xxx_x360_\(validity_fps\)	-	No
Operating System	hp	envy_15m-dr1xxx_x360_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_15m-dr1xxx_x360	-	No
Operating System	hp	envy_15m-dr1xxx_x360_\(validity_fps\)_firmware	< 5.5.26.1102	Yes
Hardware	hp	envy_15m-dr1xxx_x360_\(validity_fps\)	-	No
Operating System	hp	pavilion_x360_-_14t-cd000_firmware	< 5.5.11.1093	Yes
Hardware	hp	pavilion_x360_-_14t-cd000	-	No
Operating System	hp	pavilion_x360_-_15t-dq000_firmware	< 5.5.8.1116	Yes
Hardware	hp	pavilion_x360_-_15t-dq000	-	No
Operating System	hp	pavilion_x360_-_15t-dq100_firmware	< 5.5.8.1116	Yes
Hardware	hp	pavilion_x360_-_15t-dq100	-	No
Operating System	hp	pavilion_x360_14t-cd100_firmware	< 5.5.11.1093	Yes
Hardware	hp	pavilion_x360_14t-cd100	-	No
Operating System	hp	pavilion_x360_14t-dh000_firmware	< 5.5.8.1116	Yes
Hardware	hp	pavilion_x360_14t-dh000	-	No
Operating System	hp	pavilion_14-cd1xxx_x360_firmware	< 5.5.11.1093	Yes
Hardware	hp	pavilion_14-cd1xxx_x360	-	No
Operating System	hp	pavilion_14-cd2xxx_x360_firmware	< 5.5.11.1093	Yes
Hardware	hp	pavilion_14-cd2xxx_x360	-	No
Operating System	hp	pavilion_14-dh0xxx_x360_firmware	< 5.5.8.1116	Yes
Hardware	hp	pavilion_14-dh0xxx_x360	-	No
Operating System	hp	pavilion_14m-cd0xxx_x360_firmware	< 5.5.11.1093	Yes
Hardware	hp	pavilion_14m-cd0xxx_x360	-	No
Operating System	hp	pavilion_14m-dh0xxx_x360_firmware	< 5.5.8.1116	Yes
Hardware	hp	pavilion_14m-dh0xxx_x360	-	No
Operating System	hp	pavilion_15_firmware	< 5.5.8.1116	Yes
Hardware	hp	pavilion_15	-	No
Operating System	hp	spectre_x360_firmware	< 5.5.26.1102	Yes
Hardware	hp	spectre_x360	-	No

References

https://support.hp.com/hk-en/document/c06696568 Patch, Third Party Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-31372 Patch, Third Party Advisory ([email protected])
https://www.synaptics.com/company/blog/ Vendor Advisory ([email protected])
https://www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf Vendor Advisory ([email protected])
https://www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software/ Vendor Advisory ([email protected])
https://support.hp.com/hk-en/document/c06696568 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.lenovo.com/us/en/product_security/LEN-31372 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.synaptics.com/company/blog/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)