Code injection

2020-07-2214:15:00

PRIOn knowledge base

www.prio-n.com

0.0004 Low

EPSS

Percentile

5.1%

JSON

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.

CPENameOperatorVersion
envy_-_13t-ah100_firmwarelt5.5.11.1093
envy_-_13t-aq100_firmwarelt6.0.39.1111
envy_-_17t-bw000_firmwarelt5.5.11.1093
envy_-_17t-ce000_firmwarelt6.0.39.1111
envy_-_17t-ce100_firmwarelt6.0.39.1111
envy_13-ah0xxx_firmwarelt5.5.11.1093
envy_13-ah1xxx_firmwarelt5.5.11.1093
envy_13-aq0xxx_firmwarelt6.0.39.1111
envy_13-aq1xxx_firmwarelt6.0.39.1111
envy_15-cn0xxx_x360_firmwarelt5.5.11.1093

Name	Operator	Version
envy_-_13t-ah100_firmware	lt	5.5.11.1093
envy_-_13t-aq100_firmware	lt	6.0.39.1111
envy_-_17t-bw000_firmware	lt	5.5.11.1093
envy_-_17t-ce000_firmware	lt	6.0.39.1111
envy_-_17t-ce100_firmware	lt	6.0.39.1111
envy_13-ah0xxx_firmware	lt	5.5.11.1093
envy_13-ah1xxx_firmware	lt	5.5.11.1093
envy_13-aq0xxx_firmware	lt	6.0.39.1111
envy_13-aq1xxx_firmware	lt	6.0.39.1111
envy_15-cn0xxx_x360_firmware	lt	5.5.11.1093