Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Synaptics Audio Driver by Synaptics

    CVE-2024-9157 (GCVE-0-2024-9157)

    Vulnerability from nvd – Published: 2025-03-11 16:28 – Updated: 2025-03-11 19:20 Unsupported When Assigned
    VLAI
    Title
    Privilege Escalation Vulnerability in CxUIUSvc service
    Summary
    ** UNSUPPORTED WHEN ASSIGNED **  A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record’s reference information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Synaptics Synaptics Audio Driver Affected: 0 , < 9.0.282.* (custom)
    Affected: 0 , < 9.0.285.* (custom)
    Affected: 0 , < 9.0.278.* (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9157",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T19:20:00.613168Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T19:20:21.578Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Synaptics Audio Driver",
              "vendor": "Synaptics",
              "versions": [
                {
                  "lessThan": "9.0.282.*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.0.285.*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.0.278.*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e** UNSUPPORTED WHEN ASSIGNED **\u0026nbsp;\u003c/p\u003e\u003cp\u003eA privilege escalation vulnerability in CxUIUSvc64.exe and\nCxUIUSvc32.exe of Synaptics audio drivers allows a local authorized\nattacker to load a DLL in a privileged process.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eOut of an abundance of caution, this CVE ID is being\nassigned to better serve our customers and ensure all who are still running\nthis product understand that the product is End-of-Life and should be removed.\nFor more information on this, refer to the CVE Record\u2019s reference information.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "** UNSUPPORTED WHEN ASSIGNED **\u00a0\n\nA privilege escalation vulnerability in CxUIUSvc64.exe and\nCxUIUSvc32.exe of Synaptics audio drivers allows a local authorized\nattacker to load a DLL in a privileged process.\n\n\nOut of an abundance of caution, this CVE ID is being\nassigned to better serve our customers and ensure all who are still running\nthis product understand that the product is End-of-Life and should be removed.\nFor more information on this, refer to the CVE Record\u2019s reference information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-11T16:28:06.178Z",
            "orgId": "54bb2a58-4278-44a9-851f-17e74ee51f48",
            "shortName": "Synaptics"
          },
          "references": [
            {
              "url": "https://www.synaptics.com/sites/default/files/2025-03/audio-driver-security-brief-2025-03-11.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "Privilege Escalation Vulnerability in CxUIUSvc service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "54bb2a58-4278-44a9-851f-17e74ee51f48",
        "assignerShortName": "Synaptics",
        "cveId": "CVE-2024-9157",
        "datePublished": "2025-03-11T16:28:06.178Z",
        "dateReserved": "2024-09-24T16:04:17.926Z",
        "dateUpdated": "2025-03-11T19:20:21.578Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-9157 (GCVE-0-2024-9157)

    Vulnerability from cvelistv5 – Published: 2025-03-11 16:28 – Updated: 2025-03-11 19:20 Unsupported When Assigned
    VLAI
    Title
    Privilege Escalation Vulnerability in CxUIUSvc service
    Summary
    ** UNSUPPORTED WHEN ASSIGNED **  A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record’s reference information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Synaptics Synaptics Audio Driver Affected: 0 , < 9.0.282.* (custom)
    Affected: 0 , < 9.0.285.* (custom)
    Affected: 0 , < 9.0.278.* (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9157",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T19:20:00.613168Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T19:20:21.578Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Synaptics Audio Driver",
              "vendor": "Synaptics",
              "versions": [
                {
                  "lessThan": "9.0.282.*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.0.285.*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.0.278.*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e** UNSUPPORTED WHEN ASSIGNED **\u0026nbsp;\u003c/p\u003e\u003cp\u003eA privilege escalation vulnerability in CxUIUSvc64.exe and\nCxUIUSvc32.exe of Synaptics audio drivers allows a local authorized\nattacker to load a DLL in a privileged process.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eOut of an abundance of caution, this CVE ID is being\nassigned to better serve our customers and ensure all who are still running\nthis product understand that the product is End-of-Life and should be removed.\nFor more information on this, refer to the CVE Record\u2019s reference information.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "** UNSUPPORTED WHEN ASSIGNED **\u00a0\n\nA privilege escalation vulnerability in CxUIUSvc64.exe and\nCxUIUSvc32.exe of Synaptics audio drivers allows a local authorized\nattacker to load a DLL in a privileged process.\n\n\nOut of an abundance of caution, this CVE ID is being\nassigned to better serve our customers and ensure all who are still running\nthis product understand that the product is End-of-Life and should be removed.\nFor more information on this, refer to the CVE Record\u2019s reference information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-11T16:28:06.178Z",
            "orgId": "54bb2a58-4278-44a9-851f-17e74ee51f48",
            "shortName": "Synaptics"
          },
          "references": [
            {
              "url": "https://www.synaptics.com/sites/default/files/2025-03/audio-driver-security-brief-2025-03-11.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "Privilege Escalation Vulnerability in CxUIUSvc service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "54bb2a58-4278-44a9-851f-17e74ee51f48",
        "assignerShortName": "Synaptics",
        "cveId": "CVE-2024-9157",
        "datePublished": "2025-03-11T16:28:06.178Z",
        "dateReserved": "2024-09-24T16:04:17.926Z",
        "dateUpdated": "2025-03-11T19:20:21.578Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }