CVE-2019-18619

Name of the Vulnerable Software and Affected Versions: Synaptics WBF drivers versions prior to 2019-11-15

Description: The issue is related to incorrect parameter validation in the synaTee component of Synaptics WBF drivers that utilize an SGX enclave. This allows a local user to execute arbitrary code within the enclave, potentially compromising the confidentiality of enclave data. The exploitation occurs via APIs that accept invalid pointers.

Recommendations: For versions prior to 2019-11-15, update to a version released after 2019-11-15 to resolve the issue. As a temporary workaround, consider restricting access to APIs that accept invalid pointers to minimize the risk of exploitation.