Local Information Disclosure in Synaptics Touchpad Drivers
CVE-2018-15532

3.8LOW

Key Information:

Vendor
HP
Status
Synaptics ToucHPad Driver
Vendor
CVE Published:
21 March 2019

Summary

The Synaptics Touchpad drivers prior to June 6, 2018, contain a vulnerability in the SynTP.sys file that permits local users to access sensitive information related to freed kernel addresses. This flaw could potentially be exploited to gain insights into system memory management and compromise system integrity.

References

http://www.securityfocus.com/bid/106799
x_refsource_MISC
https://support.lenovo.com/us/en/product_security/LEN-23156
x_refsource_MISC
https://www.synaptics.com/products/touchpad-family
x_refsource_MISC

CVSS V3.1

Score:
3.8
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.