CVE-2019-18619

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
synapticsvfs75xx_firmware
5.2.225.26
synapticsvfs75xx_firmware
5.2.318.26
synapticsvfs75xx_firmware
5.2.524.26
synapticsvfs75xx_firmware
5.2.3530.26
synapticsvfs75xx_firmware
5.3.3539.26
synapticsvfs75xx_firmware
5.5.3.1116
synapticsvfs75xx_firmware
5.5.8.1096
synapticsvfs75xx_firmware
5.5.10.1093
synapticsvfs75xx_firmware
5.5.11.1106
synapticsvfs75xx_firmware
5.5.15.1102
synapticsvfs75xx_firmware
5.5.38.1058
synapticsvfs75xx_firmware
5.5.2734.1050
synapticsvfs75xx_firmware
5.5.2811.1050
synapticsvfs75xx_firmware
5.6.23.1000
synapticsvfs75xx_firmware
6.0.14.1108
synapticsvfs75xx_firmware
6.0.32.1104
synapticsvfs75xx_firmware
6.0.42.1107
lenovothinkpad_25_firmware
𝑥
< 5.2.3540.26
lenovothankpad_a475_firmware
𝑥
< 5.02.3539.0026
lenovothankpad_a485_firmware
𝑥
< 5.03.3542.0026
lenovothinkpad_e480_firmware
𝑥
< 5.2.321.26
lenovothinkpad_e580_firmware
𝑥
< 5.2.321.26
lenovothinkpad_e485_firmware
𝑥
< 5.2.321.26
lenovothinkpad_e585_firmware
𝑥
< 5.2.321.26
lenovothinkpad_e490s_firmware
𝑥
< 5.2.321.26
lenovothinkpad_s3_firmware
𝑥
< 5.2.321.26
lenovothinkpad_e490_firmware
𝑥
< 5.2.321.26
lenovothinkpad_e590_firmware
𝑥
< 5.2.321.26
lenovothinkpad_r490_firmware
𝑥
< 5.2.321.26
lenovothinkpad_r590_firmware
𝑥
< 5.2.321.26
lenovothinkpad_l480_firmware
𝑥
< 5.3.3542.26
lenovothinkpad_l580_firmware
𝑥
< 5.3.3542.26
lenovothinkpad_p1_firmware
𝑥
< 5.3.3542.26
lenovothinkpad_p1_gen_2_firmware
𝑥
< 6.0.36.1105
lenovothinkpad_x1_extreme_2nd_firmware
𝑥
< 6.0.36.1105
lenovothinkpad_p43s_firmware
𝑥
< 6.0.36.1105
lenovothinkpad_p50_firmware
𝑥
< 5.1.338.26
lenovothinkpad_p51_firmware
𝑥
< 5.2.3540.26
lenovothinkpad_p51s_\(20jx\)_firmware
𝑥
< 5.2.3540.26
lenovothinkpad_p51s_\(20kx\)_firmware
𝑥
< 5.2.3540.26
lenovothinkpad_p51s_\(20hx\)_firmware
𝑥
< 5.2.3540.26
lenovothinkpad_p52_firmware
𝑥
< 5.2.3540.26
lenovothinkpad_p52s_firmware
𝑥
< 5.3.3542.26
lenovothinkpad_p53_firmware
𝑥
< 6.0.36.1105
lenovothinkpad_p53s_firmware
𝑥
< 6.0.36.1105
lenovothinkpad_p70_firmware
𝑥
< 5.1.338.26
lenovothinkpad_p71_\(20hx\)_firmware
𝑥
< 5.2.3540.26
lenovothinkpad_p72_firmware
𝑥
< 5.3.3542.26
lenovothinkpad_p73_firmware
𝑥
< 5.3.3542.26
lenovothinkpad_t25_\(20k7\)_firmware
𝑥
< 5.2.3540.26
lenovothinkpad_t460p_firmware
𝑥
< 5.1.338.26
lenovothinkpad_t460s_firmware
𝑥
< 5.1.338.26
lenovothinkpad_t470_\(20hx\)_firmware
𝑥
< 5.2.3540.26
lenovothinkpad_t470_\(20jx\)_firmware
𝑥
< 5.2.3540.26
lenovothinkpad_t470p_firmware
𝑥
< 5.2.3540.26
lenovothinkpad_t470s_\(20hx\)_firmware
𝑥
< 5.2.3540.26
lenovothinkpad_t470s_\(20jx\)_firmware
𝑥
< 5.2.3540.26
lenovothinkpad_t480_firmware
𝑥
< 5.3.3542.26
lenovothinkpad_t480s_firmware
𝑥
< 5.3.3542.26
lenovothinkpad_t490_firmware
𝑥
< 6.0.36.1105
lenovothinkpad_t490s_firmware
𝑥
< 6.0.36.1105
lenovothinkpad_t570_\(20hx\)_firmware
𝑥
< 5.2.3540.26
lenovothinkpad_t570\(20jx\)_firmware
𝑥
< 5.2.3540.26
lenovothinkpad_t580_firmware
𝑥
< 5.3.3542.26
lenovothinkpad_t590_firmware
𝑥
< 6.0.36.1105
lenovothinkpad_x1_carbon_\(20hx\)_firmware
𝑥
< 5.2.3540.26
lenovothinkpad_x1_carbon_\(20kx\)_firmware
𝑥
< 5.3.3542.26
lenovothinkpad_x1_carbon_firmware
𝑥
< 5.1.338.26
lenovothinkpad_x1_yoga_4th_gen_firmware
𝑥
< 5.1.338.26
lenovothinkpad_x1_extreme_firmware
𝑥
< 5.3.3542.26
lenovothinkpad_x1_tablet_firmware
𝑥
< 5.5.40.1058
lenovothinkpad_x1_tablet_\(20jx\)_firmware
𝑥
< 5.2.227.26
lenovothinkpad_x1_yoga_firmware
𝑥
< 5.1.338.26
lenovothinkpad_x1_yoga_\(20jx\)_firmware
𝑥
< 5.2.3540.26
lenovothinkpad_x1_yoga_3rd_gen_firmware
𝑥
< 5.3.3542.26
lenovothinkpad_x270_firmware
𝑥
< 5.2.3540.26
lenovothinkpad_x280_firmware
𝑥
< 5.3.3542.26
lenovothinkpad_x380_yoga_firmware
𝑥
< 5.3.3542.26
lenovothinkpad_x390_firmware
𝑥
< 6.0.36.1105
lenovothinkpad_x390_yoga_firmware
𝑥
< 6.0.36.1105
lenovothinkpad_yoga_370_firmware
𝑥
< 5.2.3540.26
lenovothinkpad_s1_3rd_firmware
𝑥
< 5.2.3540.26
lenovothinkpad_yoga_260_firmware
𝑥
< 5.1.338.26
lenovothinkpad_yoga_s1_firmware
𝑥
< 5.1.338.26
lenovothinkpad_a275_firmware
𝑥
< 5.2.3535.26
hpenvy_-_13t-ah100_firmware
𝑥
< 5.5.11.1093
hpenvy_-_13t-aq100_firmware
𝑥
< 6.0.39.1111
hpenvy_13-ah0xxx_firmware
𝑥
< 5.5.11.1093
hpenvy_13-ah1xxx_firmware
𝑥
< 5.5.11.1093
hpenvy_13-aq0xxx_firmware
𝑥
< 6.0.39.1111
hpenvy_13-aq1xxx_firmware
𝑥
< 6.0.39.1111
hpenvy_-_17t-bw000_firmware
𝑥
< 5.5.11.1093
hpenvy_-_17t-ce000_firmware
𝑥
< 6.0.39.1111
hpenvy_-_17t-ce100_firmware
𝑥
< 6.0.39.1111
hpenvy_17-bw0xxx_firmware
𝑥
< 5.5.11.1093
hpenvy_17-ce0xxx_firmware
𝑥
< 6.0.39.1111
hpenvy_17-ce1xxx_firmware
𝑥
< 6.0.39.1111
hpenvy_17m-bw0xxx_firmware
𝑥
< 5.5.11.1093
hpenvy_17m-ce0xxx_firmware
𝑥
< 6.0.39.1111
hpenvy_17m-ce1xxx_firmware
𝑥
< 6.0.39.1111
hpenvy_x360_-_15t-cn000_firmware
𝑥
< 5.5.11.1093
hpenvy_x360_-_15t-dr000_firmware
𝑥
< 6.0.39.1111
hpenvy_x360_-_15t-dr000_\(validity_fps\)_firmware
𝑥
< 5.5.26.1102
hpenvy_x360_-_15t-dr100_firmware
𝑥
< 6.0.39.1111
hpenvy_x360_-_15t-dr100_\(validity_fps\)_firmware
𝑥
< 5.5.26.1102
hpenvy_15-cn0xxx_x360_firmware
𝑥
< 5.5.11.1093
hpenvy_15-cn1xxx_x360_firmware
𝑥
< 5.5.11.1093
hpenvy_15-dr0xxx_x360_firmware
𝑥
< 6.0.39.1111
hpenvy_15-dr0xxx_x360_\(validity_fps\)_firmware
𝑥
< 5.5.26.1102
hpenvy_15-dr1xxx_x360_firmware
𝑥
< 6.0.39.1111
hpenvy_15-dr1xxx_x360_\(validity_fps\)_firmware
𝑥
< 5.5.26.1102
hpenvy_15m-cn0xxx_x360_firmware
𝑥
< 5.5.11.1093
hpenvy_15m-dr0xxx_x360_firmware
𝑥
< 6.0.39.1111
hpenvy_15m-dr0xxx_x360_\(validity_fps\)_firmware
𝑥
< 5.5.26.1102
hpenvy_15m-dr1xxx_x360_firmware
𝑥
< 6.0.39.1111
hpenvy_15m-dr1xxx_x360_\(validity_fps\)_firmware
𝑥
< 5.5.26.1102
hppavilion_x360_-_14t-cd000_firmware
𝑥
< 5.5.11.1093
hppavilion_x360_-_15t-dq000_firmware
𝑥
< 5.5.8.1116
hppavilion_x360_-_15t-dq100_firmware
𝑥
< 5.5.8.1116
hppavilion_x360_14t-cd100_firmware
𝑥
< 5.5.11.1093
hppavilion_x360_14t-dh000_firmware
𝑥
< 5.5.8.1116
hppavilion_14-cd1xxx_x360_firmware
𝑥
< 5.5.11.1093
hppavilion_14-cd2xxx_x360_firmware
𝑥
< 5.5.11.1093
hppavilion_14-dh0xxx_x360_firmware
𝑥
< 5.5.8.1116
hppavilion_14m-cd0xxx_x360_firmware
𝑥
< 5.5.11.1093
hppavilion_14m-dh0xxx_x360_firmware
𝑥
< 5.5.8.1116
hppavilion_15_firmware
𝑥
< 5.5.8.1116
hpspectre_x360_firmware
𝑥
< 5.5.26.1102
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.hp.com/hk-en/document/c06696568
https://support.lenovo.com/us/en/product_security/LEN-31372
https://www.synaptics.com/company/blog/
https://www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf
https://www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software/
https://support.hp.com/hk-en/document/c06696568
https://support.lenovo.com/us/en/product_security/LEN-31372
https://www.synaptics.com/company/blog/
https://www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf
https://www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software/