Synaptics
Products
13- 12 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
- 0 CVEs
Recent CVEs
24| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-9730 | Hig | 0.57 | 8.8 | 0.01 | Jun 5, 2019 | Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an unpublished API. | ||
| CVE-2024-9157 | Hig | 0.51 | 7.8 | 0.00 | Mar 11, 2025 | ** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to… | ||
| CVE-2019-18619 | Hig | 0.51 | 7.8 | 0.00 | Jul 22, 2020 | Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept… | ||
| CVE-2016-6672 | Hig | 0.51 | 7.8 | 0.00 | Oct 10, 2016 | The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 30537088. | ||
| CVE-2016-3865 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2016 | The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus 5X and 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28799389. | ||
| CVE-2017-0581 | Hig | 0.46 | 7.0 | 0.01 | Apr 7, 2017 | An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:… | ||
| CVE-2017-0580 | Hig | 0.46 | 7.0 | 0.01 | Apr 7, 2017 | An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:… | ||
| CVE-2017-0524 | Hig | 0.46 | 7.0 | 0.02 | Mar 8, 2017 | An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:… | ||
| CVE-2017-0433 | Hig | 0.46 | 7.0 | 0.01 | Feb 8, 2017 | An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged… | ||
| CVE-2016-8458 | Hig | 0.46 | 7.0 | 0.02 | Jan 12, 2017 | An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:… | ||
| CVE-2016-8394 | Hig | 0.46 | 7.0 | 0.01 | Jan 12, 2017 | An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:… | ||
| CVE-2016-8393 | Hig | 0.46 | 7.0 | 0.01 | Jan 12, 2017 | An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:… | ||
| CVE-2020-8337 | Med | 0.44 | 6.7 | 0.00 | Jun 9, 2020 | An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code. | ||
| CVE-2025-11772 | Med | 0.43 | 6.6 | 0.00 | Dec 1, 2025 | A carefully crafted DLL, copied to C:\ProgramData\Synaptics folder, allows a local user to execute arbitrary code with elevated privileges during driver installation. | ||
| CVE-2019-18618 | Med | 0.39 | 6.0 | 0.01 | Jul 22, 2020 | Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an… | ||
| CVE-2023-5447 | Med | 0.36 | 5.5 | 0.00 | May 14, 2024 | Missing lock check in SynHsaService may create a use-after-free condition which causes abnormal termination of the service, resulting in denial of service for the Synaptics Hardware Support App. | ||
| CVE-2023-4936 | Med | 0.36 | 5.5 | 0.00 | Oct 11, 2023 | It is possible to sideload a compromised DLL during the installation at elevated privilege. | ||
| CVE-2021-3675 | Med | 0.36 | 5.5 | 0.00 | Jun 16, 2022 | Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior… | ||
| CVE-2023-6482 | Med | 0.34 | 5.2 | 0.00 | Jan 27, 2024 | Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the… | ||
| CVE-2017-17556 | Med | 0.33 | 5.1 | 0.01 | Dec 15, 2017 | A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys. |
- risk 0.57cvss 8.8epss 0.01
Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an unpublished API.
- risk 0.51cvss 7.8epss 0.00
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to…
- risk 0.51cvss 7.8epss 0.00
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept…
- risk 0.51cvss 7.8epss 0.00
The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 30537088.
- risk 0.51cvss 7.8epss 0.01
The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus 5X and 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28799389.
- risk 0.46cvss 7.0epss 0.01
An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:…
- risk 0.46cvss 7.0epss 0.01
An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:…
- risk 0.46cvss 7.0epss 0.02
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:…
- risk 0.46cvss 7.0epss 0.01
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged…
- risk 0.46cvss 7.0epss 0.02
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:…
- risk 0.46cvss 7.0epss 0.01
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:…
- risk 0.46cvss 7.0epss 0.01
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:…
- risk 0.44cvss 6.7epss 0.00
An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.
- risk 0.43cvss 6.6epss 0.00
A carefully crafted DLL, copied to C:\ProgramData\Synaptics folder, allows a local user to execute arbitrary code with elevated privileges during driver installation.
- risk 0.39cvss 6.0epss 0.01
Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an…
- risk 0.36cvss 5.5epss 0.00
Missing lock check in SynHsaService may create a use-after-free condition which causes abnormal termination of the service, resulting in denial of service for the Synaptics Hardware Support App.
- risk 0.36cvss 5.5epss 0.00
It is possible to sideload a compromised DLL during the installation at elevated privilege.
- risk 0.36cvss 5.5epss 0.00
Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior…
- risk 0.34cvss 5.2epss 0.00
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the…
- risk 0.33cvss 5.1epss 0.01
A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys.