HIGHπŸ‡΅πŸ‡± Wersja polska

CVE-2019-18619

CVSS 7.8v3.1pub. 2020-07-22upd. 2024-11-21

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Lenovo Thankpad A475

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thankpad A475 Firmware

    OS
    Lenovo
    < 5.02.3539.0026
  • Lenovo Thankpad A485

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thankpad A485 Firmware

    OS
    Lenovo
    < 5.03.3542.0026
  • Lenovo Thinkpad 25

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad 25 Firmware

    OS
    Lenovo
    < 5.2.3540.26
  • Lenovo Thinkpad E480

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad E480 Firmware

    OS
    Lenovo
    < 5.2.321.26
  • Lenovo Thinkpad E485

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad E485 Firmware

    OS
    Lenovo
    < 5.2.321.26
  • Lenovo Thinkpad E490

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad E490 Firmware

    OS
    Lenovo
    < 5.2.321.26
  • Lenovo Thinkpad E490s

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad E490s Firmware

    OS
    Lenovo
    < 5.2.321.26
  • Lenovo Thinkpad E580

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad E580 Firmware

    OS
    Lenovo
    < 5.2.321.26
  • Lenovo Thinkpad E585

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad E585 Firmware

    OS
    Lenovo
    < 5.2.321.26
  • Lenovo Thinkpad E590

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad E590 Firmware

    OS
    Lenovo
    < 5.2.321.26
  • Lenovo Thinkpad L480

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad L480 Firmware

    OS
    Lenovo
    < 5.3.3542.26
  • Lenovo Thinkpad L580

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad L580 Firmware

    OS
    Lenovo
    < 5.3.3542.26
  • Lenovo Thinkpad P1

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad P1 Firmware

    OS
    Lenovo
    < 5.3.3542.26
  • Lenovo Thinkpad P1 Gen 2

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad P1 Gen 2 Firmware

    OS
    Lenovo
    < 6.0.36.1105
  • Lenovo Thinkpad P43s

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkpad P43s Firmware

    OS
    Lenovo
    < 6.0.36.1105
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2018-16098HIGH7.8ten sam produkt

In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics...

CVE-2017-3767HIGH7.8ten sam produkt

A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1....

CVE-2022-48189MEDIUM6.7ten sam produkt

An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with ...

CVE-2022-4575MEDIUM6.7ten sam produkt

A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad ...

CVE-2023-2290MEDIUM6.4ten sam produkt

A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local acces...

CVE-2019-18619 β€” Lenovo β€” Thankpad A475 β€” HIGH β€” CVSS 7.8 | CVEbaza.pl