PT-2019-2538 · Synaptics · Synaptics Sound Device Drivers

Published

2019-04-12

Updated

2020-08-24

CVE-2019-9730

CVSS v3.1

8.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Synaptics Sound Device drivers versions prior to 2.29

Description The issue is related to insufficient access control in the CxUtilSvc component of the Synaptics Sound Device drivers. This can be exploited by a local attacker to elevate privileges in the Windows Registry using an unpublished API.

Recommendations For versions prior to 2.29, update to version 2.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the CxUtilSvc component until a patch is applied.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2019-02383

CVE-2019-9730

Affected Products

Synaptics Sound Device Drivers

PT-2019-2538 · Synaptics · Synaptics Sound Device Drivers

CVE-2019-9730

Weakness Enumeration

Related Identifiers

Affected Products

References · 10