HPSBHF03675 rev. 1 - Synaptics® Fingerprint Drivers that use SGX

Potential Security Impact

Arbitrary Code Execution

Source: HP, HP Product Security Response Team (PSRT)

Reported By: Synaptics ®

VULNERABILITY SUMMARY

Synaptics has notified HP of a potential security vulnerability in certain versions of Synaptics Fingerprint Sensor Drivers using Intel® Software Guard eXtensions (SGX), which may allow a local user to execute arbitrary code that can compromise confidentiality of the Synaptics SGX protected memory.

The Synaptics Security Brief for this vulnerability can be found on the Synaptics product page for Fingerprint Sensors at <https://www.synaptics.com/products/biometrics&gt;[__](<https://www.synaptics.com/products/biometrics&gt; “External site.” ) (in English).

RESOLUTION

Synaptics has released updates to mitigate the potential vulnerability. HP has identified platforms with affected drivers and target versions for SoftPaqs. See the affected platforms listed below.

> note:
>
> Sign up for HP Subscriptions to be notified and receive:
>
> * Product support eAlerts
>
> * Driver updates
>
> * Security Bulletin updates
>
> HP recommends keeping your system up to date with the latest firmware and software.