CVE-2019-18618: Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows…

medium6CVSS 3.1

AVLACLPRHUINSUCHIHAN

Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table.

Affected

147 ranges· showing 25

Vendor	Product	Version range	Fixed in
hp	elite_slice_firmware	< 5.2.3110.26	5.2.3110.26
hp	elite_x2_1012_g2_firmware	< 5.2.5026.26	5.2.5026.26
hp	elite_x2_1013_g3_firmware	< 5.5.21.1099	5.5.21.1099
hp	elite_x2_g4_firmware	< 5.5.21.1099	5.5.21.1099
hp	elitebook_1040_g4_firmware	< 5.2.5026.26	5.2.5026.26
hp	elitebook_1050_g1_firmware	< 5.5.21.1099	5.5.21.1099
hp	elitebook_735_g5_firmware	< 5.5.21.1099	5.5.21.1099
hp	elitebook_735_g6_firmware	< 5.5.21.1099	5.5.21.1099
hp	elitebook_745_g5_firmware	< 5.5.21.1099	5.5.21.1099
hp	elitebook_745_g6_firmware	< 5.5.21.1099	5.5.21.1099
hp	elitebook_755_g5_firmware	< 5.5.21.1099	5.5.21.1099
hp	elitebook_830_g5_firmware	< 5.5.21.1099	5.5.21.1099
hp	elitebook_830_g6_firmware	< 5.5.21.1099	5.5.21.1099
hp	elitebook_836_g5_firmware	< 5.5.21.1099	5.5.21.1099
hp	elitebook_836_g6_firmware	< 5.5.21.1099	5.5.21.1099
hp	elitebook_840_g5_firmware	< 5.5.21.1099	5.5.21.1099
hp	elitebook_840_g5_healthcare_edition_firmware	< 5.5.21.1099	5.5.21.1099
hp	elitebook_840_g6_firmware	< 5.5.21.1099	5.5.21.1099
hp	elitebook_840_g6_healthcare_edition_firmware	< 5.5.21.1099	5.5.21.1099
hp	elitebook_846_g5_firmware	< 5.5.21.1099	5.5.21.1099
hp	elitebook_846_g5_healthcare_edition_firmware	< 5.5.21.1099	5.5.21.1099
hp	elitebook_846_g6_firmware	< 5.5.21.1099	5.5.21.1099
hp	elitebook_846_g6_healthcare_edition_firmware	< 5.5.21.1099	5.5.21.1099
hp	elitebook_850_g5_firmware	< 5.5.21.1099	5.5.21.1099
hp	elitebook_850_g6_firmware	< 5.5.21.1099	5.5.21.1099