Описание
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-18619
- https://support.hp.com/hk-en/document/c06696568
- https://support.lenovo.com/us/en/product_security/LEN-31372
- https://www.synaptics.com/company/blog
- https://www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf
- https://www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software
EPSS
CVE ID
Связанные уязвимости
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.
EPSS