This security bulletin contains one low risk vulnerability.
CWE-200 - Information Exposure
Exploit availability: NoDescription
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to invalidly formatted API requests can cause SynTP.sys to reveal freed kernel memory pointers.. A local attacker can read portions of kernel memory that can be used to weaken KASLR and gain elevated privileges.Mitigation
Install updates from vendor's website.Vulnerable software versions
TouchPad: All versions
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?