BDU:2022-04174

Published: 14 Jun 2022
Source: fstec
CVSS3: 5.5
CVSS2: 4.6
EPSS: Low

Description

A vulnerability in the synaTEE.signed.dll library of the Synaptics Fingerprint Driver in Lenovo laptop firmware is caused by insufficient input validation. Exploitation of the vulnerability may allow an attacker to disclose protected information.

Vendor

Lenovo Group Limited

Software name

25 (Type 20K7) Laptop (ThinkPad)
A275 (Type 20KC, 20KD) Laptop (ThinkPad)
A285 (Type 20MW, 20MX) Laptop (ThinkPad)
A475 (Type 20KL, 20KM) Laptop (ThinkPad)
A485 (Type 20MU, 20MV) Laptop (ThinkPad)
E14 (Type 20RA, 20RB) Laptop (ThinkPad)
E14 Gen 2 (Type 20TA, 20TB) Laptop (ThinkPad)
E15 (Type 20RD, 20RE) Laptop (ThinkPad)
E15 Gen 2 (Type 20TD, 20TE) Laptop (ThinkPad)
E480 (Type 20KN, 20KQ) Laptop (ThinkPad)
E490 (Type 20N8, 20N9) Laptop (ThinkPad)
E580 (Type 20KS 20KT) Laptop (ThinkPad)
E590 (Type 20NB, 20NC) Laptop (ThinkPad)
L380 (type 20M5, 20M6) Laptops (ThinkPad)
L380 Yoga (type 20M7, 20M8) Laptops (ThinkPad)
L390 (type 20NR, 20NS) Laptops (ThinkPad)
L390 Yoga (type 20NT, 20NU) Laptops (ThinkPad)
L480 (type 20LS, 20LT) Laptops (ThinkPad)
L580 (type 20LW, 20LX) Laptops (ThinkPad)
P50 Laptop (ThinkPad)
P51 (Type 20HH, 20HJ) Laptop (ThinkPad)
P51 (Type 20MM, 20MN) Laptop (ThinkPad)
P51s (Type 20HB, 20HC) Laptop (ThinkPad)
P51s (Type 20JY, 20K0) Laptop (ThinkPad)
P52 (Type 20M9, 20MA) Laptop (ThinkPad)
P52s (Type 20LB, 20LC) Laptop (ThinkPad)
P70 Laptop (ThinkPad)
P71 (type 20HK, 20HL) Laptop (Thinkpad)
P72 (type 20MB, 20MC) Laptop (Thinkpad)
P73 (type 20QR, 20QS) Laptop (Thinkpad)
T460p Laptop (ThinkPad)
T460s Laptop (ThinkPad)
T470 (Type 20HD, 20HE) Laptop (ThinkPad)
T470 (Type 20JM, 20JN) Laptop (ThinkPad)
T470p Laptop (ThinkPad)
T470s (type 20HF, 20HG) Laptop (ThinkPad)
T470s (type 20JS, 20JT) Laptop (ThinkPad)
T480 (Type 20L5, 20L6) Laptop (ThinkPad)
T480s (type 20L7, 20L8) Laptop (ThinkPad)
T570 (Type 20H9,20HA) Laptop (ThinkPad)
T570 (Type 20JW, 20JX) Laptop (ThinkPad)
ThinkPad R14 Gen 2 Type 20TC PRC
ThinkPad S3 2nd Gen type 20RG China only
ThinkPad X1 Tablet 2nd Gen (Type 20JB, 20JC)
X1 Carbon 4th Gen (Type 20FB, 20FC) Laptop (ThinkPad)
X1 Carbon 5th Gen - Kabylake (Type 20HR, 20HQ) Laptop (ThinkPad)
X1 Carbon 5th Gen - Skylake (Type 20K4, 20K3) Laptop (ThinkPad)
X1 Carbon 6th Gen - (Type 20KH, 20KG) Laptop (ThinkPad)
X1 Extreme 1st Gen (Type 20MF, 20MG) Laptop (ThinkPad)
X1 Yoga 1st Gen (Type 20FQ, 20FR) Laptop (ThinkPad)
X1 Yoga 2nd Gen (Type 20JD, 20JE, 20JF, 20JG) Laptop (ThinkPad)
X1 Yoga 3rd Gen (Type 20LD, 20LE, 20LF, 20LG) Laptop (ThinkPad)
X270 (Type 20HN, 20HM) Laptop (ThinkPad)
X270 (Type 20K6, 20K5) Laptop (ThinkPad)
X380 Yoga Laptop (ThinkPad)
ThinkPad Yoga 260
Yoga 370 Laptop (ThinkPad)

Software version

prior to 5.2.3541.26 (25 (Type 20K7) Laptop (ThinkPad))
prior to 5.2.3541.26 (A275 (Type 20KC, 20KD) Laptop (ThinkPad))
prior to 5.3.3543.26 (A285 (Type 20MW, 20MX) Laptop (ThinkPad))
prior to 5.2.3541.26 (A475 (Type 20KL, 20KM) Laptop (ThinkPad))
prior to 5.3.3543.26 (A485 (Type 20MU, 20MV) Laptop (ThinkPad))
prior to 6.0.31.1108 (E14 (Type 20RA, 20RB) Laptop (ThinkPad))
prior to 6.0.31.1108 (E14 Gen 2 (Type 20TA, 20TB) Laptop (ThinkPad))
prior to 6.0.31.1108 (E15 (Type 20RD, 20RE) Laptop (ThinkPad))
prior to 6.0.31.1108 (E15 Gen 2 (Type 20TD, 20TE) Laptop (ThinkPad))
prior to 5.02.0325.0026 (E480 (Type 20KN, 20KQ) Laptop (ThinkPad))
prior to 5.02.0325.0026 (E490 (Type 20N8, 20N9) Laptop (ThinkPad))
prior to 5.02.0325.0026 (E580 (Type 20KS 20KT) Laptop (ThinkPad))
prior to 5.02.0325.0026 (E590 (Type 20NB, 20NC) Laptop (ThinkPad))
- (L380 (type 20M5, 20M6) Laptops (ThinkPad))
- (L380 Yoga (type 20M7, 20M8) Laptops (ThinkPad))
- (L390 (type 20NR, 20NS) Laptops (ThinkPad))
- (L390 Yoga (type 20NT, 20NU) Laptops (ThinkPad))
prior to 5.03.3543.0026 (L480 (type 20LS, 20LT) Laptops (ThinkPad))
prior to 5.03.3543.0026 (L580 (type 20LW, 20LX) Laptops (ThinkPad))
prior to 5.1.340.26 (P50 Laptop (ThinkPad))
prior to 5.2.3541.26 (P51 (Type 20HH, 20HJ) Laptop (ThinkPad))
prior to 5.2.3541.26 (P51 (Type 20MM, 20MN) Laptop (ThinkPad))
prior to 5.2.3541.26 (P51s (Type 20HB, 20HC) Laptop (ThinkPad))
prior to 5.2.3541.26 (P51s (Type 20JY, 20K0) Laptop (ThinkPad))
prior to 5.3.3543.26 (P52 (Type 20M9, 20MA) Laptop (ThinkPad))
prior to 5.3.3543.26 (P52s (Type 20LB, 20LC) Laptop (ThinkPad))
prior to 5.1.340.26 (P70 Laptop (ThinkPad))
prior to 5.2.3541.26 (P71 (type 20HK, 20HL) Laptop (Thinkpad))
prior to 5.3.3543.26 (P72 (type 20MB, 20MC) Laptop (Thinkpad))
prior to 5.3.3543.26 (P73 (type 20QR, 20QS) Laptop (Thinkpad))
prior to 5.1.340.26 (T460p Laptop (ThinkPad))
prior to 5.1.340.26 (T460s Laptop (ThinkPad))
prior to 5.2.3541.26 (T470 (Type 20HD, 20HE) Laptop (ThinkPad))
prior to 5.2.3541.26 (T470 (Type 20JM, 20JN) Laptop (ThinkPad))
prior to 5.2.3541.26 (T470p Laptop (ThinkPad))
prior to 5.2.3541.26 (T470s (type 20HF, 20HG) Laptop (ThinkPad))
prior to 5.2.3541.26 (T470s (type 20JS, 20JT) Laptop (ThinkPad))
prior to 5.3.3543.26 (T480 (Type 20L5, 20L6) Laptop (ThinkPad))
prior to 5.3.3543.26 (T480s (type 20L7, 20L8) Laptop (ThinkPad))
prior to 5.2.3541.26 (T570 (Type 20H9,20HA) Laptop (ThinkPad))
prior to 5.3.3543.26 (T570 (Type 20JW, 20JX) Laptop (ThinkPad))
prior to 6.0.31.1108 (ThinkPad R14 Gen 2 Type 20TC PRC)
prior to 6.0.31.1108 (ThinkPad S3 2nd Gen type 20RG China only)
- (ThinkPad X1 Tablet 2nd Gen (Type 20JB, 20JC))
prior to 5.1.340.26 (X1 Carbon 4th Gen (Type 20FB, 20FC) Laptop (ThinkPad))
prior to 5.2.3541.26 (X1 Carbon 5th Gen - Kabylake (Type 20HR, 20HQ) Laptop (ThinkPad))
prior to 5.2.3541.26 (X1 Carbon 5th Gen - Skylake (Type 20K4, 20K3) Laptop (ThinkPad))
prior to 5.3.3543.26 (X1 Carbon 6th Gen - (Type 20KH, 20KG) Laptop (ThinkPad))
prior to 5.3.3543.26 (X1 Extreme 1st Gen (Type 20MF, 20MG) Laptop (ThinkPad))
prior to 5.1.340.26 (X1 Yoga 1st Gen (Type 20FQ, 20FR) Laptop (ThinkPad))
prior to 5.2.3541.26 (X1 Yoga 2nd Gen (Type 20JD, 20JE, 20JF, 20JG) Laptop (ThinkPad))
prior to 5.3.3543.26 (X1 Yoga 3rd Gen (Type 20LD, 20LE, 20LF, 20LG) Laptop (ThinkPad))
prior to 5.2.3541.26 (X270 (Type 20HN, 20HM) Laptop (ThinkPad))
prior to 5.2.3541.26 (X270 (Type 20K6, 20K5) Laptop (ThinkPad))
prior to 5.3.3543.26 (X380 Yoga Laptop (ThinkPad))
prior to 5.1.340.26 (ThinkPad Yoga 260)
prior to 5.2.3541.26 (Yoga 370 Laptop (ThinkPad))

Software type

Firmware

Operating systems and hardware platforms

-

Vulnerability severity

Medium severity (CVSS 2.0 base score is 4.6)
Medium severity (CVSS 3.0 base score is 5.5)

Possible remediation measures

Follow the recommendations:
https://support.lenovo.com/ru/en/product_security/len-68054

Vulnerability status

Confirmed by the vendor

Exploit availability

Data is being clarified

Remediation information

Vulnerability fixed

Identifiers in other vulnerability description systems

EPSS

Percentile: 35%
0.00142
Low

5.5 Medium

CVSS3

4.6 Medium

CVSS2

Related vulnerabilities

CVSS3: 5.5
nvd
more than 3 years ago

Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64.

CVSS3: 7.1
github
more than 3 years ago

Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64.
