CVE-2019-18619

CWE-7633 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 66.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

112

HP Envy - 13t-ah100 Firmware HP Envy - 13t-aq100 Firmware HP Envy - 17t-bw000 Firmware +109 more

Timeline

PublishedJul 22

Latest updateMay 24

Description

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages112 packages

▶NVDsynaptics/vfs75xx_firmware17 versions+16

▶NVDhp/pavilion_15_firmware< 5.5.8.1116

▶NVDhp/spectre_x360_firmware< 5.5.26.1102

▶NVDhp/envy_13-ah0xxx_firmware< 5.5.11.1093

▶NVDhp/envy_13-ah1xxx_firmware< 5.5.11.1093

Patches

Patch: support.hp.com ↗Patch: support.lenovo.com ↗Patch: support.hp.com ↗

🔴Vulnerability Details

GHSA

GHSA-8359-42rq-7mfj: Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a loca↗2022-05-24

▶

CVEList

CVE-2019-18619: Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a loca↗2020-07-22

▶