Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-18619

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.8, requiring local system access to exploit with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 224 products from synaptics, from synaptics, from lenovo and 221 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2020, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2020-07-22T14:15:14.797

Last Modified

2024-11-21T04:33:22.597

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-763

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	synaptics	vfs75xx_firmware	5.2.225.26	Yes
Operating System	synaptics	vfs75xx_firmware	5.2.318.26	Yes
Operating System	synaptics	vfs75xx_firmware	5.2.524.26	Yes
Operating System	synaptics	vfs75xx_firmware	5.2.3530.26	Yes
Operating System	synaptics	vfs75xx_firmware	5.3.3539.26	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.3.1116	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.8.1096	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.10.1093	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.11.1106	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.15.1102	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.38.1058	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.2734.1050	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.2811.1050	Yes
Operating System	synaptics	vfs75xx_firmware	5.6.23.1000	Yes
Operating System	synaptics	vfs75xx_firmware	6.0.14.1108	Yes
Operating System	synaptics	vfs75xx_firmware	6.0.32.1104	Yes
Operating System	synaptics	vfs75xx_firmware	6.0.42.1107	Yes
Hardware	synaptics	vfs75xx	-	No
Operating System	lenovo	thinkpad_25_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_25	-	No
Operating System	lenovo	thankpad_a475_firmware	< 5.02.3539.0026	Yes
Hardware	lenovo	thankpad_a475	-	No
Operating System	lenovo	thankpad_a485_firmware	< 5.03.3542.0026	Yes
Hardware	lenovo	thankpad_a485	-	No
Operating System	lenovo	thinkpad_e480_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e480	-	No
Operating System	lenovo	thinkpad_e580_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e580	-	No
Operating System	lenovo	thinkpad_e485_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e485	-	No
Operating System	lenovo	thinkpad_e585_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e585	-	No
Operating System	lenovo	thinkpad_e490s_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e490s	-	No
Operating System	lenovo	thinkpad_s3_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_s3	-	No
Operating System	lenovo	thinkpad_e490_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e490	-	No
Operating System	lenovo	thinkpad_e590_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e590	-	No
Operating System	lenovo	thinkpad_r490_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_r490	-	No
Operating System	lenovo	thinkpad_r590_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_r590	-	No
Operating System	lenovo	thinkpad_l480_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_l480	-	No
Operating System	lenovo	thinkpad_l580_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_l580	-	No
Operating System	lenovo	thinkpad_p1_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_p1	-	No
Operating System	lenovo	thinkpad_p1_gen_2_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_p1_gen_2	-	No
Operating System	lenovo	thinkpad_x1_extreme_2nd_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_x1_extreme_2nd	-	No
Operating System	lenovo	thinkpad_p43s_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_p43s	-	No
Operating System	lenovo	thinkpad_p50_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_p50	-	No
Operating System	lenovo	thinkpad_p51_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_p51	-	No
Operating System	lenovo	thinkpad_p51s_\(20jx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_p51s_\(20jx\)	-	No
Operating System	lenovo	thinkpad_p51s_\(20kx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_p51s_\(20kx\)	-	No
Operating System	lenovo	thinkpad_p51s_\(20hx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_p51s_\(20hx\)	-	No
Operating System	lenovo	thinkpad_p52_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_p52	-	No
Operating System	lenovo	thinkpad_p52s_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_p52s	-	No
Operating System	lenovo	thinkpad_p53_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_p53	-	No
Operating System	lenovo	thinkpad_p53s_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_p53s	-	No
Operating System	lenovo	thinkpad_p70_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_p70	-	No
Operating System	lenovo	thinkpad_p71_\(20hx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_p71_\(20hx\)	-	No
Operating System	lenovo	thinkpad_p72_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_p72	-	No
Operating System	lenovo	thinkpad_p73_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_p73	-	No
Operating System	lenovo	thinkpad_t25_\(20k7\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t25_\(20k7\)	-	No
Operating System	lenovo	thinkpad_t460p_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_t460p	-	No
Operating System	lenovo	thinkpad_t460s_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_t460s	-	No
Operating System	lenovo	thinkpad_t470_\(20hx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t470_\(20hx\)	-	No
Operating System	lenovo	thinkpad_t470_\(20jx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t470_\(20jx\)	-	No
Operating System	lenovo	thinkpad_t470p_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t470p	-	No
Operating System	lenovo	thinkpad_t470s_\(20hx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t470s_\(20hx\)	-	No
Operating System	lenovo	thinkpad_t470s_\(20jx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t470s_\(20jx\)	-	No
Operating System	lenovo	thinkpad_t480_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_t480	-	No
Operating System	lenovo	thinkpad_t480s_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_t480s	-	No
Operating System	lenovo	thinkpad_t490_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_t490	-	No
Operating System	lenovo	thinkpad_t490s_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_t490s	-	No
Operating System	lenovo	thinkpad_t570_\(20hx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t570_\(20hx\)	-	No
Operating System	lenovo	thinkpad_t570\(20jx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t570\(20jx\)	-	No
Operating System	lenovo	thinkpad_t580_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_t580	-	No
Operating System	lenovo	thinkpad_t590_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_t590	-	No
Operating System	lenovo	thinkpad_x1_carbon_\(20hx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_x1_carbon_\(20hx\)	-	No
Operating System	lenovo	thinkpad_x1_carbon_\(20kx\)_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_x1_carbon_\(20kx\)	-	No
Operating System	lenovo	thinkpad_x1_carbon_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_x1_carbon	-	No
Operating System	lenovo	thinkpad_x1_yoga_4th_gen_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_x1_yoga_4th_gen	-	No
Operating System	lenovo	thinkpad_x1_extreme_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_x1_extreme	-	No
Operating System	lenovo	thinkpad_x1_tablet_firmware	< 5.5.40.1058	Yes
Hardware	lenovo	thinkpad_x1_tablet	-	No
Operating System	lenovo	thinkpad_x1_tablet_\(20jx\)_firmware	< 5.2.227.26	Yes
Hardware	lenovo	thinkpad_x1_tablet_\(20jx\)	-	No
Operating System	lenovo	thinkpad_x1_yoga_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_x1_yoga	-	No
Operating System	lenovo	thinkpad_x1_yoga_\(20jx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_x1_yoga_\(20jx\)	-	No
Operating System	lenovo	thinkpad_x1_yoga_3rd_gen_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_x1_yoga_3rd_gen	-	No
Operating System	lenovo	thinkpad_x270_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_x270	-	No
Operating System	lenovo	thinkpad_x280_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_x280	-	No
Operating System	lenovo	thinkpad_x380_yoga_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_x380_yoga	-	No
Operating System	lenovo	thinkpad_x390_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_x390	-	No
Operating System	lenovo	thinkpad_x390_yoga_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_x390_yoga	-	No
Operating System	lenovo	thinkpad_yoga_370_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_yoga_370	-	No
Operating System	lenovo	thinkpad_s1_3rd_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_s1_3rd	-	No
Operating System	lenovo	thinkpad_yoga_260_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_yoga_260	-	No
Operating System	lenovo	thinkpad_yoga_s1_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_yoga_s1	-	No
Operating System	lenovo	thinkpad_a275_firmware	< 5.2.3535.26	Yes
Hardware	lenovo	thinkpad_a275	-	No
Operating System	hp	envy_-_13t-ah100_firmware	< 5.5.11.1093	Yes
Hardware	hp	envy_-_13t-ah100	-	No
Operating System	hp	envy_-_13t-aq100_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_-_13t-aq100	-	No
Operating System	hp	envy_13-ah0xxx_firmware	< 5.5.11.1093	Yes
Hardware	hp	envy_13-ah0xxx	-	No
Operating System	hp	envy_13-ah1xxx_firmware	< 5.5.11.1093	Yes
Hardware	hp	envy_13-ah1xxx	-	No
Operating System	hp	envy_13-aq0xxx_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_13-aq0xxx	-	No
Operating System	hp	envy_13-aq1xxx_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_13-aq1xxx	-	No
Operating System	hp	envy_-_17t-bw000_firmware	< 5.5.11.1093	Yes
Hardware	hp	envy_-_17t-bw000	-	No
Operating System	hp	envy_-_17t-ce000_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_-_17t-ce000	-	No
Operating System	hp	envy_-_17t-ce100_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_-_17t-ce100	-	No
Operating System	hp	envy_17-bw0xxx_firmware	< 5.5.11.1093	Yes
Hardware	hp	envy_17-bw0xxx	-	No
Operating System	hp	envy_17-ce0xxx_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_17-ce0xxx	-	No
Operating System	hp	envy_17-ce1xxx_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_17-ce1xxx	-	No
Operating System	hp	envy_17m-bw0xxx_firmware	< 5.5.11.1093	Yes
Hardware	hp	envy_17m-bw0xxx	-	No
Operating System	hp	envy_17m-ce0xxx_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_17m-ce0xxx	-	No
Operating System	hp	envy_17m-ce1xxx_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_17m-ce1xxx	-	No
Operating System	hp	envy_x360_-_15t-cn000_firmware	< 5.5.11.1093	Yes
Hardware	hp	envy_x360_-_15t-cn000	-	No
Operating System	hp	envy_x360_-_15t-dr000_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_x360_-_15t-dr000	-	No
Operating System	hp	envy_x360_-_15t-dr000_\(validity_fps\)_firmware	< 5.5.26.1102	Yes
Hardware	hp	envy_x360_-_15t-dr000_\(validity_fps\)	-	No
Operating System	hp	envy_x360_-_15t-dr100_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_x360_-_15t-dr100	-	No
Operating System	hp	envy_x360_-_15t-dr100_\(validity_fps\)_firmware	< 5.5.26.1102	Yes
Hardware	hp	envy_x360_-_15t-dr100_\(validity_fps\)	-	No
Operating System	hp	envy_15-cn0xxx_x360_firmware	< 5.5.11.1093	Yes
Hardware	hp	envy_15-cn0xxx_x360	-	No
Operating System	hp	envy_15-cn1xxx_x360_firmware	< 5.5.11.1093	Yes
Hardware	hp	envy_15-cn1xxx_x360	-	No
Operating System	hp	envy_15-dr0xxx_x360_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_15-dr0xxx_x360	-	No
Operating System	hp	envy_15-dr0xxx_x360_\(validity_fps\)_firmware	< 5.5.26.1102	Yes
Hardware	hp	envy_15-dr0xxx_x360_\(validity_fps\)	-	No
Operating System	hp	envy_15-dr1xxx_x360_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_15-dr1xxx_x360	-	No
Operating System	hp	envy_15-dr1xxx_x360_\(validity_fps\)_firmware	< 5.5.26.1102	Yes
Hardware	hp	envy_15-dr1xxx_x360_\(validity_fps\)	-	No
Operating System	hp	envy_15m-cn0xxx_x360_firmware	< 5.5.11.1093	Yes
Hardware	hp	envy_15m-cn0xxx_x360	-	No
Operating System	hp	envy_15m-dr0xxx_x360_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_15m-dr0xxx_x360	-	No
Operating System	hp	envy_15m-dr0xxx_x360_\(validity_fps\)_firmware	< 5.5.26.1102	Yes
Hardware	hp	envy_15m-dr0xxx_x360_\(validity_fps\)	-	No
Operating System	hp	envy_15m-dr1xxx_x360_firmware	< 6.0.39.1111	Yes
Hardware	hp	envy_15m-dr1xxx_x360	-	No
Operating System	hp	envy_15m-dr1xxx_x360_\(validity_fps\)_firmware	< 5.5.26.1102	Yes
Hardware	hp	envy_15m-dr1xxx_x360_\(validity_fps\)	-	No
Operating System	hp	pavilion_x360_-_14t-cd000_firmware	< 5.5.11.1093	Yes
Hardware	hp	pavilion_x360_-_14t-cd000	-	No
Operating System	hp	pavilion_x360_-_15t-dq000_firmware	< 5.5.8.1116	Yes
Hardware	hp	pavilion_x360_-_15t-dq000	-	No
Operating System	hp	pavilion_x360_-_15t-dq100_firmware	< 5.5.8.1116	Yes
Hardware	hp	pavilion_x360_-_15t-dq100	-	No
Operating System	hp	pavilion_x360_14t-cd100_firmware	< 5.5.11.1093	Yes
Hardware	hp	pavilion_x360_14t-cd100	-	No
Operating System	hp	pavilion_x360_14t-dh000_firmware	< 5.5.8.1116	Yes
Hardware	hp	pavilion_x360_14t-dh000	-	No
Operating System	hp	pavilion_14-cd1xxx_x360_firmware	< 5.5.11.1093	Yes
Hardware	hp	pavilion_14-cd1xxx_x360	-	No
Operating System	hp	pavilion_14-cd2xxx_x360_firmware	< 5.5.11.1093	Yes
Hardware	hp	pavilion_14-cd2xxx_x360	-	No
Operating System	hp	pavilion_14-dh0xxx_x360_firmware	< 5.5.8.1116	Yes
Hardware	hp	pavilion_14-dh0xxx_x360	-	No
Operating System	hp	pavilion_14m-cd0xxx_x360_firmware	< 5.5.11.1093	Yes
Hardware	hp	pavilion_14m-cd0xxx_x360	-	No
Operating System	hp	pavilion_14m-dh0xxx_x360_firmware	< 5.5.8.1116	Yes
Hardware	hp	pavilion_14m-dh0xxx_x360	-	No
Operating System	hp	pavilion_15_firmware	< 5.5.8.1116	Yes
Hardware	hp	pavilion_15	-	No
Operating System	hp	spectre_x360_firmware	< 5.5.26.1102	Yes
Hardware	hp	spectre_x360	-	No

References

https://support.hp.com/hk-en/document/c06696568 Patch, Third Party Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-31372 Patch, Third Party Advisory ([email protected])
https://www.synaptics.com/company/blog/ Vendor Advisory ([email protected])
https://www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf Vendor Advisory ([email protected])
https://www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software/ Vendor Advisory ([email protected])
https://support.hp.com/hk-en/document/c06696568 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.lenovo.com/us/en/product_security/LEN-31372 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.synaptics.com/company/blog/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For synaptics's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.