VYPR

Vendor CVEs

Synaptics

All CVEs

24 total · sorted by risk
  • CVE-2019-9730HigJun 5, 2019
    risk 0.57cvss 8.8epss 0.01

    Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an unpublished API.

  • CVE-2024-9157HigMar 11, 2025
    risk 0.51cvss 7.8epss 0.00

    ** UNSUPPORTED WHEN ASSIGNED **  A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to…

  • CVE-2019-18619HigJul 22, 2020
    risk 0.51cvss 7.8epss 0.00

    Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept…

  • CVE-2016-6672HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.00

    The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 30537088.

  • CVE-2016-3865HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.01

    The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus 5X and 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28799389.

  • CVE-2017-0581HigApr 7, 2017
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:…

  • CVE-2017-0580HigApr 7, 2017
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:…

  • CVE-2017-0524HigMar 8, 2017
    risk 0.46cvss 7.0epss 0.02

    An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:…

  • CVE-2017-0433HigFeb 8, 2017
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged…

  • CVE-2016-8458HigJan 12, 2017
    risk 0.46cvss 7.0epss 0.02

    An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:…

  • CVE-2016-8394HigJan 12, 2017
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:…

  • CVE-2016-8393HigJan 12, 2017
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:…

  • CVE-2020-8337MedJun 9, 2020
    risk 0.44cvss 6.7epss 0.00

    An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.

  • CVE-2025-11772MedDec 1, 2025
    risk 0.43cvss 6.6epss 0.00

    A carefully crafted DLL, copied to C:\ProgramData\Synaptics folder, allows a local user to execute arbitrary code with elevated privileges during driver installation.

  • CVE-2019-18618MedJul 22, 2020
    risk 0.39cvss 6.0epss 0.01

    Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an…

  • CVE-2023-5447MedMay 14, 2024
    risk 0.36cvss 5.5epss 0.00

    Missing lock check in SynHsaService may create a use-after-free condition which causes abnormal termination of the service, resulting in denial of service for the Synaptics Hardware Support App.

  • CVE-2023-4936MedOct 11, 2023
    risk 0.36cvss 5.5epss 0.00

    It is possible to sideload a compromised DLL during the installation at elevated privilege.

  • CVE-2021-3675MedJun 16, 2022
    risk 0.36cvss 5.5epss 0.00

    Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior…

  • CVE-2023-6482MedJan 27, 2024
    risk 0.34cvss 5.2epss 0.00

    Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the…

  • CVE-2017-17556MedDec 15, 2017
    risk 0.33cvss 5.1epss 0.01

    A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys.

  • CVE-2017-0650MedJun 14, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0634MedMay 12, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0536MedMar 8, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2018-15532LowMar 21, 2019
    risk 0.25cvss 3.8epss 0.01

    SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses.