Synaptics Touchpad Driver Leaks Kernel Memory Pointers - Lenovo Support US

Lenovo Security Advisory: LEN-23156

**Potential Impact:**Privilege escalation

Severity: Medium

Scope of Impact: Industry-wide

**CVE Identifier:**CVE-2018-15532

Summary Description:

Synaptics has informed Lenovo of a vulnerability in the Synaptics TouchPad driver. The driver can reveal freed kernel memory addresses through the driver API. This makes kernel address space layout randomization, the defense mechanism implemented in the OS, inefficient and an exploit could potentially mount kernel level attacks to the OS.

Mitigation Strategy for Customers (what you should do to protect yourself):

Synaptics recommends customers update to the driver version listed for your product below, or later.