Main Vulnerability Database Vulnerabilities #VU17359

#VU17359 Information disclosure in TouchPad - CVE-2018-15532

Published: February 1, 2019

Vulnerability identifier: #VU17359

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-15532

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
TouchPad

Software vendor:
Synaptics

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to invalidly formatted API requests can cause SynTP.sys to reveal freed kernel memory pointers.. A local attacker can read portions of kernel memory that can be used to weaken KASLR and gain elevated privileges.

Remediation

Install updates from vendor's website.

External links

https://www.synaptics.com/sites/default/files/touchpad-driver-security-brief-20190124.pdf

#VU17359 Information disclosure in TouchPad - CVE-2018-15532

Description

Remediation

External links

Please verify you're human