Lucene search

[email protected]CVE-2019-18619

HistoryJul 22, 2020 - 2:15 p.m.

CVE-2019-18619

2020-07-2214:15:14

CWE-763

[email protected]

web.nvd.nist.gov

cve-2019-18619

synaptics wbf

parameter validation

sgx enclave

arbitrary code execution

confidential data

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.

Affected configurations

NVD

Node

synapticsvfs75xx_firmwareMatch5.2.225.26

synapticsvfs75xx_firmwareMatch5.2.318.26

synapticsvfs75xx_firmwareMatch5.2.524.26

synapticsvfs75xx_firmwareMatch5.2.3530.26

synapticsvfs75xx_firmwareMatch5.3.3539.26

synapticsvfs75xx_firmwareMatch5.5.3.1116

synapticsvfs75xx_firmwareMatch5.5.8.1096

synapticsvfs75xx_firmwareMatch5.5.10.1093

synapticsvfs75xx_firmwareMatch5.5.11.1106

synapticsvfs75xx_firmwareMatch5.5.15.1102

synapticsvfs75xx_firmwareMatch5.5.38.1058

synapticsvfs75xx_firmwareMatch5.5.2734.1050

synapticsvfs75xx_firmwareMatch5.5.2811.1050

synapticsvfs75xx_firmwareMatch5.6.23.1000

synapticsvfs75xx_firmwareMatch6.0.14.1108

synapticsvfs75xx_firmwareMatch6.0.32.1104

synapticsvfs75xx_firmwareMatch6.0.42.1107

AND

synapticsvfs75xxMatch-

Node

lenovothinkpad_25_firmwareRange<5.2.3540.26

AND

lenovothinkpad_25Match-

Node

lenovothankpad_a475_firmwareRange<5.02.3539.0026

AND

lenovothankpad_a475Match-

Node

lenovothankpad_a485_firmwareRange<5.03.3542.0026

AND

lenovothankpad_a485Match-

Node

lenovothinkpad_e480_firmwareRange<5.2.321.26

AND

lenovothinkpad_e480Match-

Node

lenovothinkpad_e580_firmwareRange<5.2.321.26

AND

lenovothinkpad_e580Match-

Node

lenovothinkpad_e485_firmwareRange<5.2.321.26

AND

lenovothinkpad_e485Match-

Node

lenovothinkpad_e585_firmwareRange<5.2.321.26

AND

lenovothinkpad_e585Match-

Node

lenovothinkpad_e490s_firmwareRange<5.2.321.26

AND

lenovothinkpad_e490sMatch-

Node

lenovothinkpad_s3_firmwareRange<5.2.321.26

AND

lenovothinkpad_s3Match-

Node

lenovothinkpad_e490_firmwareRange<5.2.321.26

AND

lenovothinkpad_e490Match-

Node

lenovothinkpad_e590_firmwareRange<5.2.321.26

AND

lenovothinkpad_e590Match-

Node

lenovothinkpad_r490_firmwareRange<5.2.321.26

AND

lenovothinkpad_r490Match-

Node

lenovothinkpad_r590_firmwareRange<5.2.321.26

AND

lenovothinkpad_r590Match-

Node

lenovothinkpad_l480_firmwareRange<5.3.3542.26

AND

lenovothinkpad_l480Match-

Node

lenovothinkpad_l580_firmwareRange<5.3.3542.26

AND

lenovothinkpad_l580Match-

Node

lenovothinkpad_p1_firmwareRange<5.3.3542.26

AND

lenovothinkpad_p1Match-

Node

lenovothinkpad_p1_gen_2_firmwareRange<6.0.36.1105

AND

lenovothinkpad_p1_gen_2Match-

Node

lenovothinkpad_x1_extreme_2nd_firmwareRange<6.0.36.1105

AND

lenovothinkpad_x1_extreme_2ndMatch-

Node

lenovothinkpad_p43s_firmwareRange<6.0.36.1105

AND

lenovothinkpad_p43sMatch-

Node

lenovothinkpad_p50_firmwareRange<5.1.338.26

AND

lenovothinkpad_p50Match-

Node

lenovothinkpad_p51_firmwareRange<5.2.3540.26

AND

lenovothinkpad_p51Match-

Node

lenovothinkpad_p51s_\(20jx\)_firmwareRange<5.2.3540.26

AND

lenovothinkpad_p51s_\(20jx\)Match-

Node

lenovothinkpad_p51s_\(20kx\)_firmwareRange<5.2.3540.26

AND

lenovothinkpad_p51s_\(20kx\)Match-

Node

lenovothinkpad_p51s_\(20hx\)_firmwareRange<5.2.3540.26

AND

lenovothinkpad_p51s_\(20hx\)Match-

Node

lenovothinkpad_p52_firmwareRange<5.2.3540.26

AND

lenovothinkpad_p52Match-

Node

lenovothinkpad_p52s_firmwareRange<5.3.3542.26

AND

lenovothinkpad_p52sMatch-

Node

lenovothinkpad_p53_firmwareRange<6.0.36.1105

AND

lenovothinkpad_p53Match-

Node

lenovothinkpad_p53s_firmwareRange<6.0.36.1105

AND

lenovothinkpad_p53sMatch-

Node

lenovothinkpad_p70_firmwareRange<5.1.338.26

AND

lenovothinkpad_p70Match-

Node

lenovothinkpad_p71_\(20hx\)_firmwareRange<5.2.3540.26

AND

lenovothinkpad_p71_\(20hx\)Match-

Node

lenovothinkpad_p72_firmwareRange<5.3.3542.26

AND

lenovothinkpad_p72Match-

Node

lenovothinkpad_p73_firmwareRange<5.3.3542.26

AND

lenovothinkpad_p73Match-

Node

lenovothinkpad_t25_\(20k7\)_firmwareRange<5.2.3540.26

AND

lenovothinkpad_t25_\(20k7\)Match-

Node

lenovothinkpad_t460p_firmwareRange<5.1.338.26

AND

lenovothinkpad_t460pMatch-

Node

lenovothinkpad_t460s_firmwareRange<5.1.338.26

AND

lenovothinkpad_t460sMatch-

Node

lenovothinkpad_t470_\(20hx\)_firmwareRange<5.2.3540.26

AND

lenovothinkpad_t470_\(20hx\)Match-

Node

lenovothinkpad_t470_\(20jx\)_firmwareRange<5.2.3540.26

AND

lenovothinkpad_t470_\(20jx\)Match-

Node

lenovothinkpad_t470p_firmwareRange<5.2.3540.26

AND

lenovothinkpad_t470pMatch-

Node

lenovothinkpad_t470s_\(20hx\)_firmwareRange<5.2.3540.26

AND

lenovothinkpad_t470s_\(20hx\)Match-

Node

lenovothinkpad_t470s_\(20jx\)_firmwareRange<5.2.3540.26

AND

lenovothinkpad_t470s_\(20jx\)Match-

Node

lenovothinkpad_t480_firmwareRange<5.3.3542.26

AND

lenovothinkpad_t480Match-

Node

lenovothinkpad_t480s_firmwareRange<5.3.3542.26

AND

lenovothinkpad_t480sMatch-

Node

lenovothinkpad_t490_firmwareRange<6.0.36.1105

AND

lenovothinkpad_t490Match-

Node

lenovothinkpad_t490s_firmwareRange<6.0.36.1105

AND

lenovothinkpad_t490sMatch-

Node

lenovothinkpad_t570_\(20hx\)_firmwareRange<5.2.3540.26

AND

lenovothinkpad_t570_\(20hx\)Match-

Node

lenovothinkpad_t570\(20jx\)_firmwareRange<5.2.3540.26

AND

lenovothinkpad_t570\(20jx\)Match-

Node

lenovothinkpad_t580_firmwareRange<5.3.3542.26

AND

lenovothinkpad_t580Match-

Node

lenovothinkpad_t590_firmwareRange<6.0.36.1105

AND

lenovothinkpad_t590Match-

Node

lenovothinkpad_x1_carbon_\(20hx\)_firmwareRange<5.2.3540.26

AND

lenovothinkpad_x1_carbon_\(20hx\)Match-

Node

lenovothinkpad_x1_carbon_\(20kx\)_firmwareRange<5.3.3542.26

AND

lenovothinkpad_x1_carbon_\(20kx\)Match-

Node

lenovothinkpad_x1_carbon_firmwareRange<5.1.338.26

AND

lenovothinkpad_x1_carbonMatch-

Node

lenovothinkpad_x1_yoga_4th_gen_firmwareRange<5.1.338.26

AND

lenovothinkpad_x1_yoga_4th_genMatch-

Node

lenovothinkpad_x1_extreme_firmwareRange<5.3.3542.26

AND

lenovothinkpad_x1_extremeMatch-

Node

lenovothinkpad_x1_tablet_firmwareRange<5.5.40.1058

AND

lenovothinkpad_x1_tabletMatch-

Node

lenovothinkpad_x1_tablet_\(20jx\)_firmwareRange<5.2.227.26

AND

lenovothinkpad_x1_tablet_\(20jx\)Match-

Node

lenovothinkpad_x1_yoga_firmwareRange<5.1.338.26

AND

lenovothinkpad_x1_yogaMatch-

Node

lenovothinkpad_x1_yoga_\(20jx\)_firmwareRange<5.2.3540.26

AND

lenovothinkpad_x1_yoga_\(20jx\)Match-

Node

lenovothinkpad_x1_yoga_3rd_gen_firmwareRange<5.3.3542.26

AND

lenovothinkpad_x1_yoga_3rd_genMatch-

Node

lenovothinkpad_x270_firmwareRange<5.2.3540.26

AND

lenovothinkpad_x270Match-

Node

lenovothinkpad_x280_firmwareRange<5.3.3542.26

AND

lenovothinkpad_x280Match-

Node

lenovothinkpad_x380_yoga_firmwareRange<5.3.3542.26

AND

lenovothinkpad_x380_yogaMatch-

Node

lenovothinkpad_x390_firmwareRange<6.0.36.1105

AND

lenovothinkpad_x390Match-

Node

lenovothinkpad_x390_yoga_firmwareRange<6.0.36.1105

AND

lenovothinkpad_x390_yogaMatch-

Node

lenovothinkpad_yoga_370_firmwareRange<5.2.3540.26

AND

lenovothinkpad_yoga_370Match-

Node

lenovothinkpad_s1_3rd_firmwareRange<5.2.3540.26

AND

lenovothinkpad_s1_3rdMatch-

Node

lenovothinkpad_yoga_260_firmwareRange<5.1.338.26

AND

lenovothinkpad_yoga_260Match-

Node

lenovothinkpad_yoga_s1_firmwareRange<5.1.338.26

AND

lenovothinkpad_yoga_s1Match-

Node

lenovothinkpad_a275_firmwareRange<5.2.3535.26

AND

lenovothinkpad_a275Match-

Node

hpenvy_-_13t-ah100_firmwareRange<5.5.11.1093

AND

hpenvy_-_13t-ah100Match-

Node

hpenvy_-_13t-aq100_firmwareRange<6.0.39.1111

AND

hpenvy_-_13t-aq100Match-

Node

hpenvy_13-ah0xxx_firmwareRange<5.5.11.1093

AND

hpenvy_13-ah0xxxMatch-

Node

hpenvy_13-ah1xxx_firmwareRange<5.5.11.1093

AND

hpenvy_13-ah1xxxMatch-

Node

hpenvy_13-aq0xxx_firmwareRange<6.0.39.1111

AND

hpenvy_13-aq0xxxMatch-

Node

hpenvy_13-aq1xxx_firmwareRange<6.0.39.1111

AND

hpenvy_13-aq1xxxMatch-

Node

hpenvy_-_17t-bw000_firmwareRange<5.5.11.1093

AND

hpenvy_-_17t-bw000Match-

Node

hpenvy_-_17t-ce000_firmwareRange<6.0.39.1111

AND

hpenvy_-_17t-ce000Match-

Node

hpenvy_-_17t-ce100_firmwareRange<6.0.39.1111

AND

hpenvy_-_17t-ce100Match-

Node

hpenvy_17-bw0xxx_firmwareRange<5.5.11.1093

AND

hpenvy_17-bw0xxxMatch-

Node

hpenvy_17-ce0xxx_firmwareRange<6.0.39.1111

AND

hpenvy_17-ce0xxxMatch-

Node

hpenvy_17-ce1xxx_firmwareRange<6.0.39.1111

AND

hpenvy_17-ce1xxxMatch-

Node

hpenvy_17m-bw0xxx_firmwareRange<5.5.11.1093

AND

hpenvy_17m-bw0xxxMatch-

Node

hpenvy_17m-ce0xxx_firmwareRange<6.0.39.1111

AND

hpenvy_17m-ce0xxxMatch-

Node

hpenvy_17m-ce1xxx_firmwareRange<6.0.39.1111

AND

hpenvy_17m-ce1xxxMatch-

Node

hpenvy_x360_-_15t-cn000_firmwareRange<5.5.11.1093

AND

hpenvy_x360_-_15t-cn000Match-

Node

hpenvy_x360_-_15t-dr000_firmwareRange<6.0.39.1111

AND

hpenvy_x360_-_15t-dr000Match-

Node

hpenvy_x360_-_15t-dr000_\(validity_fps\)_firmwareRange<5.5.26.1102

AND

hpenvy_x360_-_15t-dr000_\(validity_fps\)Match-

Node

hpenvy_x360_-_15t-dr100_firmwareRange<6.0.39.1111

AND

hpenvy_x360_-_15t-dr100Match-

Node

hpenvy_x360_-_15t-dr100_\(validity_fps\)_firmwareRange<5.5.26.1102

AND

hpenvy_x360_-_15t-dr100_\(validity_fps\)Match-

Node

hpenvy_15-cn0xxx_x360_firmwareRange<5.5.11.1093

AND

hpenvy_15-cn0xxx_x360Match-

Node

hpenvy_15-cn1xxx_x360_firmwareRange<5.5.11.1093

AND

hpenvy_15-cn1xxx_x360Match-

Node

hpenvy_15-dr0xxx_x360_firmwareRange<6.0.39.1111

AND

hpenvy_15-dr0xxx_x360Match-

Node

hpenvy_15-dr0xxx_x360_\(validity_fps\)_firmwareRange<5.5.26.1102

AND

hpenvy_15-dr0xxx_x360_\(validity_fps\)Match-

Node

hpenvy_15-dr1xxx_x360_firmwareRange<6.0.39.1111

AND

hpenvy_15-dr1xxx_x360Match-

Node

hpenvy_15-dr1xxx_x360_\(validity_fps\)_firmwareRange<5.5.26.1102

AND

hpenvy_15-dr1xxx_x360_\(validity_fps\)Match-

Node

hpenvy_15m-cn0xxx_x360_firmwareRange<5.5.11.1093

AND

hpenvy_15m-cn0xxx_x360Match-

Node

hpenvy_15m-dr0xxx_x360_firmwareRange<6.0.39.1111

AND

hpenvy_15m-dr0xxx_x360Match-

Node

hpenvy_15m-dr0xxx_x360_\(validity_fps\)_firmwareRange<5.5.26.1102

AND

hpenvy_15m-dr0xxx_x360_\(validity_fps\)Match-

Node

hpenvy_15m-dr1xxx_x360_firmwareRange<6.0.39.1111

AND

hpenvy_15m-dr1xxx_x360Match-

Node

hpenvy_15m-dr1xxx_x360_\(validity_fps\)_firmwareRange<5.5.26.1102

AND

hpenvy_15m-dr1xxx_x360_\(validity_fps\)Match-

Node

hppavilion_x360_-_14t-cd000_firmwareRange<5.5.11.1093

AND

hppavilion_x360_-_14t-cd000Match-

Node

hppavilion_x360_-_15t-dq000_firmwareRange<5.5.8.1116

AND

hppavilion_x360_-_15t-dq000Match-

Node

hppavilion_x360_-_15t-dq100_firmwareRange<5.5.8.1116

AND

hppavilion_x360_-_15t-dq100Match-

Node

hppavilion_x360_14t-cd100_firmwareRange<5.5.11.1093

AND

hppavilion_x360_14t-cd100Match-

Node

hppavilion_x360_14t-dh000_firmwareRange<5.5.8.1116

AND

hppavilion_x360_14t-dh000Match-

Node

hppavilion_14-cd1xxx_x360_firmwareRange<5.5.11.1093

AND

hppavilion_14-cd1xxx_x360Match-

Node

hppavilion_14-cd2xxx_x360_firmwareRange<5.5.11.1093

AND

hppavilion_14-cd2xxx_x360Match-

Node

hppavilion_14-dh0xxx_x360_firmwareRange<5.5.8.1116

AND

hppavilion_14-dh0xxx_x360Match-

Node

hppavilion_14m-cd0xxx_x360_firmwareRange<5.5.11.1093

AND

hppavilion_14m-cd0xxx_x360Match-

Node

hppavilion_14m-dh0xxx_x360_firmwareRange<5.5.8.1116

AND

hppavilion_14m-dh0xxx_x360Match-

Node

hppavilion_15_firmwareRange<5.5.8.1116

AND

hppavilion_15Match-

Node

hpspectre_x360_firmwareRange<5.5.26.1102

AND

hpspectre_x360Match-

CPENameOperatorVersion
synaptics:vfs75xx_firmwaresynaptics vfs75xx firmwareeq5.2.225.26
synaptics:vfs75xx_firmwaresynaptics vfs75xx firmwareeq5.2.318.26
synaptics:vfs75xx_firmwaresynaptics vfs75xx firmwareeq5.2.524.26
synaptics:vfs75xx_firmwaresynaptics vfs75xx firmwareeq5.2.3530.26
synaptics:vfs75xx_firmwaresynaptics vfs75xx firmwareeq5.3.3539.26
synaptics:vfs75xx_firmwaresynaptics vfs75xx firmwareeq5.5.3.1116
synaptics:vfs75xx_firmwaresynaptics vfs75xx firmwareeq5.5.8.1096
synaptics:vfs75xx_firmwaresynaptics vfs75xx firmwareeq5.5.10.1093
synaptics:vfs75xx_firmwaresynaptics vfs75xx firmwareeq5.5.11.1106
synaptics:vfs75xx_firmwaresynaptics vfs75xx firmwareeq5.5.15.1102

CPE	Name	Operator	Version
synaptics:vfs75xx_firmware	synaptics vfs75xx firmware	eq	5.2.225.26
synaptics:vfs75xx_firmware	synaptics vfs75xx firmware	eq	5.2.318.26
synaptics:vfs75xx_firmware	synaptics vfs75xx firmware	eq	5.2.524.26
synaptics:vfs75xx_firmware	synaptics vfs75xx firmware	eq	5.2.3530.26
synaptics:vfs75xx_firmware	synaptics vfs75xx firmware	eq	5.3.3539.26
synaptics:vfs75xx_firmware	synaptics vfs75xx firmware	eq	5.5.3.1116
synaptics:vfs75xx_firmware	synaptics vfs75xx firmware	eq	5.5.8.1096
synaptics:vfs75xx_firmware	synaptics vfs75xx firmware	eq	5.5.10.1093
synaptics:vfs75xx_firmware	synaptics vfs75xx firmware	eq	5.5.11.1106
synaptics:vfs75xx_firmware	synaptics vfs75xx firmware	eq	5.5.15.1102

Rows per page:

1-10 of 171

References

support.hp.com/hk-en/document/c06696568

support.lenovo.com/us/en/product_security/LEN-31372

www.synaptics.com/company/blog/

www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf

www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software/

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2019-18619

nvd1 hp1 prion1 cvelist1 lenovo2