CVE-2024-9157: Improper Access Control in Audio Driver

Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 89.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 11

Description

** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record’s reference information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages: 16 packages

🔴Vulnerability Details

1
GHSA
GHSA-fxhc-7857-mhjj: ** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64 (2025-03-11)

📋Vendor Advisories

1
Microsoft
Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability (2025-03-11)

🕵️Threat Intelligence

3
Talos
Microsoft Patch Tuesday for March 2025 — Snort rules and prominent vulnerabilities (2025-03-11)
Talos
Microsoft Patch Tuesday for March 2025 — Snort rules and prominent vulnerabilities (2025-03-11)
Bleepingcomputer
Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (2025-03-11)