Vulnerabilities related to synaptics - fingerprint_driver
CVE-2021-3675 (GCVE-0-2021-3675)
Vulnerability from cvelistv5
Published
2022-06-16 16:15
Modified
2024-09-16 17:38
CWE
- CWE-20 - Improper Input Validation
Summary
Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects Synaptics Fingerprint Driver: 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64. In this notation the x's are a placeholder for the variable field of each release branch, so "5.1.xxx.26 versions prior to xxx=340" means versions below 5.1.340.26.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Synaptics | Synaptics Fingerprint Driver | 5.1.xxx.26 < xxx=340; 5.2.xxxx.26 < xxxx=3541; 5.2.2xx.26 < xx=29; 5.2.3xx.26 < xx=25; 5.3.xxxx.26 < xxxx=3543; 5.5.xx.1058 < xx=44; 5.5.xx.1102 < xx=34; 5.5.xx.1116 < xx=14; 6.0.xx.1104 < xx=50; 6.0.xx.1108 < xx=31; 6.0.xx.1111 < xx=58 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:01:08.336Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://synaptics.com/sites/default/files/2022-06/fingerprint-driver-SGX-security-brief-2022-06-14.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-68054" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.hp.com/us-en/document/ish_6411153-6411191-16/hpsbhf03797" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "x86/64" ], "product": "Synaptics Fingerprint Driver", "vendor": "Synaptics", "versions": [ { "lessThan": "xxx=340", "status": "affected", "version": "5.1.xxx.26", "versionType": "custom" }, { "lessThan": "xxxx=3541", "status": "affected", "version": "5.2.xxxx.26", "versionType": "custom" }, { "lessThan": "xx=29", "status": "affected", "version": "5.2.2xx.26", "versionType": "custom" }, { "lessThan": "xx=25", "status": "affected", "version": "5.2.3xx.26", "versionType": "custom" }, { "lessThan": "xxxx=3543", "status": "affected", "version": "5.3.xxxx.26", "versionType": "custom" }, { "lessThan": "xx=44", "status": "affected", "version": "5.5.xx.1058", "versionType": "custom" }, { "lessThan": "xx=34", "status": "affected", "version": "5.5.xx.1102", "versionType": "custom" }, { "lessThan": "xx=14", "status": "affected", "version": "5.5.xx.1116", "versionType": "custom" }, { "lessThan": "xx=50", "status": "affected", "version": "6.0.xx.1104", "versionType": "custom" }, { "lessThan": "xx=31", "status": "affected", "version": "6.0.xx.1108", "versionType": "custom" }, { "lessThan": "xx=58", "status": "affected", "version": "6.0.xx.1111", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Synaptics would like to thank Tobias Cloosters and Johannes Willbold for reporting this 
issue." } ], "datePublic": "2022-06-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-16T16:15:00", "orgId": "54bb2a58-4278-44a9-851f-17e74ee51f48", "shortName": "Synaptics" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://synaptics.com/sites/default/files/2022-06/fingerprint-driver-SGX-security-brief-2022-06-14.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-68054" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.hp.com/us-en/document/ish_6411153-6411191-16/hpsbhf03797" } ], "solutions": [ { "lang": "en", "value": "Listed drivers and 
above have additional input validation." } ], "source": { "discovery": "EXTERNAL" }, "title": "synaTEE.signed.dll Out-Of-Bounds Heap Write", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT@synaptics.com", "DATE_PUBLIC": "2022-06-14T22:44:00.000Z", "ID": "CVE-2021-3675", "STATE": "PUBLIC", "TITLE": "synaTEE.signed.dll Out-Of-Bounds Heap Write" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Synaptics Fingerprint Driver", "version": { "version_data": [ { "platform": "x86/64", "version_affected": "\u003c", "version_name": "5.1.xxx.26", "version_value": "xxx=340" }, { "platform": "x86/64", "version_affected": "\u003c", "version_name": "5.2.xxxx.26", "version_value": "xxxx=3541" }, { "platform": "x86/64", "version_affected": "\u003c", "version_name": "5.2.2xx.26", "version_value": "xx=29" }, { "platform": "x86/64", "version_affected": "\u003c", "version_name": "5.2.3xx.26", "version_value": "xx=25" }, { "platform": "x86/64", "version_affected": "\u003c", "version_name": "5.3.xxxx.26", "version_value": "xxxx=3543" }, { "platform": "x86/64", "version_affected": "\u003c", "version_name": "5.5.xx.1058", "version_value": "xx=44" }, { "platform": "x86/64", "version_affected": "\u003c", "version_name": "5.5.xx.1102", "version_value": "xx=34" }, { "platform": "x86/64", "version_affected": "\u003c", "version_name": "5.5.xx.1116", "version_value": "xx=14" }, { "platform": "x86/64", "version_affected": "\u003c", "version_name": "6.0.xx.1104", "version_value": "xx=50" }, { "platform": "x86/64", "version_affected": "\u003c", "version_name": "6.0.xx.1108", "version_value": "xx=31" }, { "platform": "x86/64", "version_affected": "\u003c", "version_name": "6.0.xx.1111", "version_value": "xx=58" } ] } } ] }, "vendor_name": "Synaptics" } ] } }, "credit": [ { "lang": "eng", "value": "Synaptics would like to thank Tobias Cloosters and Johannes Willbold for reporting this issue." 
} ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://synaptics.com/sites/default/files/2022-06/fingerprint-driver-SGX-security-brief-2022-06-14.pdf", "refsource": "CONFIRM", "url": "https://synaptics.com/sites/default/files/2022-06/fingerprint-driver-SGX-security-brief-2022-06-14.pdf" }, { "name": "https://support.lenovo.com/us/en/product_security/LEN-68054", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-68054" }, { "name": 
"https://support.hp.com/us-en/document/ish_6411153-6411191-16/hpsbhf03797", "refsource": "MISC", "url": "https://support.hp.com/us-en/document/ish_6411153-6411191-16/hpsbhf03797" } ] }, "solution": [ { "lang": "en", "value": "Listed drivers and above have additional input validation." } ], "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "54bb2a58-4278-44a9-851f-17e74ee51f48", "assignerShortName": "Synaptics", "cveId": "CVE-2021-3675", "datePublished": "2022-06-16T16:15:00.966102Z", "dateReserved": "2021-08-02T00:00:00", "dateUpdated": "2024-09-16T17:38:29.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-6482 (GCVE-0-2023-6482)
Vulnerability from cvelistv5
Published
2024-01-27 00:19
Modified
2024-10-18 14:42
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Summary
Use of an encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker who has physical access to the sensor to enroll a fingerprint into the template database.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Synaptics | Synaptics Fingerprint Driver | 6.0.0.1103 < 6.0.17.1103 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:28:21.858Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.synaptics.com/sites/default/files/2024-01/fingerprint-driver-encryption-key-security-brief-2024-01-26.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-6482", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-18T14:41:18.102766Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-18T14:42:11.060Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Synaptics Fingerprint Driver", "vendor": "Synaptics", "versions": [ { "lessThan": "6.0.17.1103", "status": "affected", "version": "6.0.0.1103", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Use of encryption key derived from static information in Synaptics Fingerprint Driver allows \n\nan attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor.\u0026nbsp;This may \nallow an attacker, who has physical access to the sensor, to enroll a fingerprint into the \ntemplate database." } ], "value": "Use of encryption key derived from static information in Synaptics Fingerprint Driver allows \n\nan attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor.\u00a0This may \nallow an attacker, who has physical access to the sensor, to enroll a fingerprint into the \ntemplate database." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-321", "description": "CWE-321 Use of Hard-coded Cryptographic Key", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-29T16:33:12.763Z", "orgId": "54bb2a58-4278-44a9-851f-17e74ee51f48", "shortName": "Synaptics" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.synaptics.com/sites/default/files/2024-01/fingerprint-driver-encryption-key-security-brief-2024-01-26.pdf" } ], "source": { "discovery": "EXTERNAL" }, "title": "Encryption key derived from static host information", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "54bb2a58-4278-44a9-851f-17e74ee51f48", "assignerShortName": "Synaptics", "cveId": "CVE-2023-6482", "datePublished": "2024-01-27T00:19:15.351Z", "dateReserved": "2023-12-04T09:46:38.305Z", "dateUpdated": "2024-10-18T14:42:11.060Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2024-01-27 01:15
Modified
2024-11-21 08:43
Severity ?
5.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
5.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
5.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Summary
Use of an encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker who has physical access to the sensor to enroll a fingerprint into the template database.
References
Impacted products
Vendor | Product | Version |
---|---|---|
synaptics | fingerprint_driver | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D536C26-1861-49A5-B233-9C3FD0070B99", "versionEndExcluding": "6.0.17.1103", "versionStartIncluding": "6.0.00.1103", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use of encryption key derived from static information in Synaptics Fingerprint Driver allows \n\nan attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor.\u00a0This may \nallow an attacker, who has physical access to the sensor, to enroll a fingerprint into the \ntemplate database." }, { "lang": "es", "value": "El uso de una clave de cifrado derivada de informaci\u00f3n est\u00e1tica en Synaptics Fingerprint Driver permite a un atacante configurar una sesi\u00f3n TLS con el sensor de huellas digitales y enviar comandos restringidos al sensor de huellas digitales. Esto puede permitir que un atacante, que tiene acceso f\u00edsico al sensor, registre una huella digital en la base de datos de la plantilla." 
} ], "id": "CVE-2023-6482", "lastModified": "2024-11-21T08:43:56.317", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 4.2, "source": "PSIRT@synaptics.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-27T01:15:08.033", "references": [ { "source": "PSIRT@synaptics.com", "tags": [ "Vendor Advisory" ], "url": "https://www.synaptics.com/sites/default/files/2024-01/fingerprint-driver-encryption-key-security-brief-2024-01-26.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.synaptics.com/sites/default/files/2024-01/fingerprint-driver-encryption-key-security-brief-2024-01-26.pdf" } ], "sourceIdentifier": "PSIRT@synaptics.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-321" } ], "source": "PSIRT@synaptics.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-798" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-16 17:15
Modified
2024-11-21 06:22
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects Synaptics Fingerprint Driver: 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64. The NVD CPE configuration in the record below expresses these ranges as concrete bounds (for example, from 5.1.000.26 up to but excluding 5.1.340.26); as shown on this page it has no entries for the 6.0.xx.1104 and 6.0.xx.1108 branches, so matching on that CPE data alone would not cover them.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "F38E1DD1-ECC6-43BC-A9B4-AB9132BB5E33", "versionEndExcluding": "5.1.340.26", "versionStartIncluding": "5.1.000.26", "vulnerable": true }, { "criteria": "cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "F018DFB2-D2B8-40FD-B1BA-54B6796FC5DB", "versionEndExcluding": "5.2.3541.26", "versionStartIncluding": "5.2.0000.26", "vulnerable": true }, { "criteria": "cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB516B80-AE5A-4B4D-87D2-AC891FAE552C", "versionEndExcluding": "5.2.229.26", "versionStartIncluding": "5.2.200.26", "vulnerable": true }, { "criteria": "cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "4541B32F-5849-497B-8529-533115478160", "versionEndExcluding": "5.2.325.26", "versionStartIncluding": "5.2.300.26", "vulnerable": true }, { "criteria": "cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7D42006-84C4-450E-B180-BFEC5D5C98E1", "versionEndExcluding": "5.3.3543.26", "versionStartIncluding": "5.3.0000.26", "vulnerable": true }, { "criteria": "cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "22618553-5C06-487F-9F2A-E881DA0FC6A6", "versionEndExcluding": "5.5.44.1058", "versionStartIncluding": "5.5.00.1058", "vulnerable": true }, { "criteria": "cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FB65743-59BE-4580-AC83-E0239BCEB492", "versionEndExcluding": "5.5.34.1102", "versionStartIncluding": "5.5.00.1102", "vulnerable": true }, { "criteria": "cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "A26003EA-72D4-40CC-AFA9-E9A9AFA35673", "versionEndExcluding": "5.5.14.1116", "versionStartIncluding": "5.5.00.1116", "vulnerable": true }, { "criteria": "cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": 
"A73E613F-C8BD-42EC-9797-34B4AD2EC280", "versionEndExcluding": "6.0.58.1111", "versionStartIncluding": "6.0.00.1111", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64." }, { "lang": "es", "value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en el archivo synaTEE.signed.dll de Synaptics Fingerprint Driver, permite a un atacante local autorizado sobrescribir una etiqueta de la pila, con posible p\u00e9rdida de confidencialidad. 
Este problema afecta a: Synaptics Fingerprint Driver versiones: 5.1.xxx.26 versiones anteriores a xxx=340 en x86/64; 5.2.xxxx.26 versiones anteriores a xxxx=3541 en x86/64; 5.2.2xx.26 versiones anteriores a xx=29 en x86/64; 5.2.3xx.26 versiones anteriores a xx=25 en x86/64; 5.3.xxxx.26 versiones anteriores a xxxx=3543 en x86/64; 5.5.xx.1058 versiones anteriores a xx=44 en x86/64; 5.5.xx.1102 versiones anteriores a xx=34 en x86/64; 5.5.xx.1116 versiones anteriores a xx=14 en x86/64; 6.0.xx.1104 versiones anteriores a xx=50 en x86/64; 6.0.xx.1108 versiones anteriores a xx=31 en x86/64; 6.0.xx.1111 versiones anteriores a xx=58 en x86/64" } ], "id": "CVE-2021-3675", "lastModified": "2024-11-21T06:22:08.147", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "PSIRT@synaptics.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": 
"LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-16T17:15:07.593", "references": [ { "source": "PSIRT@synaptics.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://support.hp.com/us-en/document/ish_6411153-6411191-16/hpsbhf03797" }, { "source": "PSIRT@synaptics.com", "tags": [ "Third Party Advisory" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-68054" }, { "source": "PSIRT@synaptics.com", "tags": [ "Vendor Advisory" ], "url": "https://synaptics.com/sites/default/files/2022-06/fingerprint-driver-SGX-security-brief-2022-06-14.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://support.hp.com/us-en/document/ish_6411153-6411191-16/hpsbhf03797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-68054" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://synaptics.com/sites/default/files/2022-06/fingerprint-driver-SGX-security-brief-2022-06-14.pdf" } ], "sourceIdentifier": "PSIRT@synaptics.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "PSIRT@synaptics.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }