Synaptics Fingerprint Vulnerabilities - Lenovo Support NL

Lenovo Security Advisory: LEN-31372

Potential Impact: Information disclosure, privilege escalation

Severity: High

Scope of Impact: Industry-wide

CVE Identifier: CVE-2019-18618, CVE-2019-18619

Summary Description:

Synaptics reported the following vulnerabilities in Synaptics Fingerprint drivers:

CVE-2019-18618: A vulnerability has been identified in some Synaptics Fingerprint drivers which could allow an attacker with physical or administrator access to modify data in the fingerprint sensor’s flash memory (only after clearing existing data).

CVE-2019-18619: A vulnerability has been identified in Synaptics Fingerprint drivers using Intel SGX that could allow execution of code within the SGX enclave.

Mitigation Strategy for Customers (what you should do to protect yourself):

Synaptics recommends updating to the Synaptics Fingerprint driver version (or newer) indicated for your model in the Product Impact section below.