CVE-2024-9157

EUVD-2024-54125
** UNSUPPORTED WHEN ASSIGNED ** 

A privilege escalation vulnerability in CxUIUSvc64.exe and
CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized
attacker to load a DLL in a privileged process.


Out of an abundance of caution, this CVE ID is being
assigned to better serve our customers and ensure all who are still running
this product understand that the product is End-of-Life and should be removed.
For more information on this, refer to the CVE Record’s reference information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SynapticsCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB5053618
1607 (x64, x86)
KB5053594
1809 (x64, x86)
KB5053596
21H2 (arm64, x64, x86)
KB5053606
22H2 (arm64, x64, x86)
KB5053606
Windows 11
22H2 (arm64, x64)
KB5053602
23H2 (arm64, x64)
KB5053602
24H2 (arm64, x64)
KB5053598
Windows Server 2008
Service Pack 2 (x64, x86)
KB5053995
Service Pack 2 Server Core (x64, x86)
KB5053995
Windows Server 2008 R2
Service Pack 1 (x64)
KB5053627
Service Pack 1 Server Core (x64)
KB5053627
Windows Server 2012
Server Core
KB5053886
Standard
KB5053886
Windows Server 2012 R2
Server Core
KB5053887
Standard
KB5053887
Windows Server 2016
Server Core
KB5053594
Standard
KB5053594
Windows Server 2019
Server Core
KB5053596
Standard
KB5053596
Windows Server 2022
23H2 Server Core
KB5053599
Server Core
KB5053603
Standard
KB5053603
Windows Server 2025
Server Core
KB5053598
Standard
KB5053598
Common Weakness Enumeration
References
https://www.synaptics.com/sites/default/files/2025-03/audio-driver-security-brief-2025-03-11.pdf