Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-3675

Summary
Assigner-Synaptics
Assigner Org ID-54bb2a58-4278-44a9-851f-17e74ee51f48
Published At-16 Jun, 2022 | 16:15
Updated At-16 Sep, 2024 | 17:38
Rejected At-
Credits

synaTEE.signed.dll Out-Of-Bounds Heap Write

Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Synaptics
Assigner Org ID:54bb2a58-4278-44a9-851f-17e74ee51f48
Published At:16 Jun, 2022 | 16:15
Updated At:16 Sep, 2024 | 17:38
Rejected At:
▼CVE Numbering Authority (CNA)
synaTEE.signed.dll Out-Of-Bounds Heap Write

Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64.

Affected Products
Vendor
Synaptics
Product
Synaptics Fingerprint Driver
Platforms
  • x86/64
Versions
Affected
  • From 5.1.xxx.26 before xxx=340 (custom)
  • From 5.2.xxxx.26 before xxxx=3541 (custom)
  • From 5.2.2xx.26 before xx=29 (custom)
  • From 5.2.3xx.26 before xx=25 (custom)
  • From 5.3.xxxx.26 before xxxx=3543 (custom)
  • From 5.5.xx.1058 before xx=44 (custom)
  • From 5.5.xx.1102 before xx=34 (custom)
  • From 5.5.xx.1116 before xx=14 (custom)
  • From 6.0.xx.1104 before xx=50 (custom)
  • From 6.0.xx.1108 before xx=31 (custom)
  • From 6.0.xx.1111 before xx=58 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Listed drivers and above have additional input validation.

Configurations
Workarounds
Exploits
Credits
Synaptics would like to thank Tobias Cloosters and Johannes Willbold for reporting this issue.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://synaptics.com/sites/default/files/2022-06/fingerprint-driver-SGX-security-brief-2022-06-14.pdf
x_refsource_CONFIRM
https://support.lenovo.com/us/en/product_security/LEN-68054
x_refsource_MISC
https://support.hp.com/us-en/document/ish_6411153-6411191-16/hpsbhf03797
x_refsource_MISC
Hyperlink: https://synaptics.com/sites/default/files/2022-06/fingerprint-driver-SGX-security-brief-2022-06-14.pdf
Resource:
x_refsource_CONFIRM
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-68054
Resource:
x_refsource_MISC
Hyperlink: https://support.hp.com/us-en/document/ish_6411153-6411191-16/hpsbhf03797
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://synaptics.com/sites/default/files/2022-06/fingerprint-driver-SGX-security-brief-2022-06-14.pdf
x_refsource_CONFIRM
x_transferred
https://support.lenovo.com/us/en/product_security/LEN-68054
x_refsource_MISC
x_transferred
https://support.hp.com/us-en/document/ish_6411153-6411191-16/hpsbhf03797
x_refsource_MISC
x_transferred
Hyperlink: https://synaptics.com/sites/default/files/2022-06/fingerprint-driver-SGX-security-brief-2022-06-14.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-68054
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://support.hp.com/us-en/document/ish_6411153-6411191-16/hpsbhf03797
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:PSIRT@synaptics.com
Published At:16 Jun, 2022 | 17:15
Updated At:26 Jun, 2023 | 17:49

Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.1HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Secondary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary2.03.6LOW
AV:L/AC:L/Au:N/C:P/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 3.6
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:P
CPE Matches
synaptics
synaptics
>>fingerprint_driver>>Versions from 5.1.000.26(inclusive) to 5.1.340.26(exclusive)
cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:*
synaptics
synaptics
>>fingerprint_driver>>Versions from 5.2.0000.26(inclusive) to 5.2.3541.26(exclusive)
cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:*
synaptics
synaptics
>>fingerprint_driver>>Versions from 5.2.200.26(inclusive) to 5.2.229.26(exclusive)
cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:*
synaptics
synaptics
>>fingerprint_driver>>Versions from 5.2.300.26(inclusive) to 5.2.325.26(exclusive)
cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:*
synaptics
synaptics
>>fingerprint_driver>>Versions from 5.3.0000.26(inclusive) to 5.3.3543.26(exclusive)
cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:*
synaptics
synaptics
>>fingerprint_driver>>Versions from 5.5.00.1058(inclusive) to 5.5.44.1058(exclusive)
cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:*
synaptics
synaptics
>>fingerprint_driver>>Versions from 5.5.00.1102(inclusive) to 5.5.34.1102(exclusive)
cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:*
synaptics
synaptics
>>fingerprint_driver>>Versions from 5.5.00.1116(inclusive) to 5.5.14.1116(exclusive)
cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:*
synaptics
synaptics
>>fingerprint_driver>>Versions from 6.0.00.1111(inclusive) to 6.0.58.1111(exclusive)
cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-20SecondaryPSIRT@synaptics.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: PSIRT@synaptics.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hp.com/us-en/document/ish_6411153-6411191-16/hpsbhf03797PSIRT@synaptics.com
Patch
Third Party Advisory
https://support.lenovo.com/us/en/product_security/LEN-68054PSIRT@synaptics.com
Third Party Advisory
https://synaptics.com/sites/default/files/2022-06/fingerprint-driver-SGX-security-brief-2022-06-14.pdfPSIRT@synaptics.com
Vendor Advisory
Hyperlink: https://support.hp.com/us-en/document/ish_6411153-6411191-16/hpsbhf03797
Source: PSIRT@synaptics.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-68054
Source: PSIRT@synaptics.com
Resource:
Third Party Advisory
Hyperlink: https://synaptics.com/sites/default/files/2022-06/fingerprint-driver-SGX-security-brief-2022-06-14.pdf
Source: PSIRT@synaptics.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found