Lenovo Security Advisory: LEN-31372
Potential Impact: Information disclosure, privilege escalation
Severity: High
Scope of Impact: Industry-wide
CVE Identifier: CVE-2019-18618, CVE-2019-18619
Summary Description:
Synaptics reported the following vulnerabilities in Synaptics Fingerprint drivers:
CVE-2019-18618: A vulnerability has been identified in some Synaptics Fingerprint drivers which could allow an attacker with physical or administrator access to modify data in the fingerprint sensor’s flash memory (only after clearing existing data).
CVE-2019-18619: A vulnerability has been identified in Synaptics Fingerprint drivers using Intel SGX that could allow execution of code within the SGX enclave.
Mitigation Strategy for Customers (what you should do to protect yourself):
Synaptics recommends updating to the Synaptics Fingerprint driver version (or newer) indicated for your model in the Product Impact section below.