CVE-2024-9157

11.03.2025, 17:16

** UNSUPPORTED WHEN ASSIGNED **

A privilege escalation vulnerability in CxUIUSvc64.exe and
CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized
attacker to load a DLL in a privileged process.


Out of an abundance of caution, this CVE ID is being
assigned to better serve our customers and ensure all who are still running
this product understand that the product is End-of-Life and should be removed.
For more information on this, refer to the CVE Records reference information.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Synaptics	CNA	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Common Weakness Enumeration

CWE-284 - Improper Access Control
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References

https://www.synaptics.com/sites/default/files/2025-03/audio-driver-security-brief-2025-03-11.pdf