{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9157", "assignerOrgId": "54bb2a58-4278-44a9-851f-17e74ee51f48", "state": "PUBLISHED", "assignerShortName": "Synaptics", "dateReserved": "2024-09-24T16:04:17.926Z", "datePublished": "2025-03-11T16:28:06.178Z", "dateUpdated": "2025-03-11T19:20:21.578Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Synaptics Audio Driver", "vendor": "Synaptics", "versions": [{"lessThan": "9.0.282.*", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "9.0.285.*", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "9.0.278.*", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>** UNSUPPORTED WHEN ASSIGNED **&nbsp;</p><p>A privilege escalation vulnerability in CxUIUSvc64.exe and\nCxUIUSvc32.exe of Synaptics audio drivers allows a local authorized\nattacker to load a DLL in a privileged process.<br></p><p>Out of an abundance of caution, this CVE ID is being\nassigned to better serve our customers and ensure all who are still running\nthis product understand that the product is End-of-Life and should be removed.\nFor more information on this, refer to the CVE Record\u2019s reference information.</p>\n\n\n\n\n\n<br><p></p>"}], "value": "** UNSUPPORTED WHEN ASSIGNED **\u00a0\n\nA privilege escalation vulnerability in CxUIUSvc64.exe and\nCxUIUSvc32.exe of Synaptics audio drivers allows a local authorized\nattacker to load a DLL in a privileged process.\n\n\nOut of an abundance of caution, this CVE ID is being\nassigned to better serve our customers and ensure all who are still running\nthis product understand that the product is End-of-Life and should be removed.\nFor more information on this, refer to the CVE Record\u2019s reference information."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "54bb2a58-4278-44a9-851f-17e74ee51f48", "shortName": "Synaptics", "dateUpdated": "2025-03-11T16:28:06.178Z"}, "references": [{"url": "https://www.synaptics.com/sites/default/files/2025-03/audio-driver-security-brief-2025-03-11.pdf"}], "source": {"discovery": "EXTERNAL"}, "tags": ["unsupported-when-assigned"], "title": "Privilege Escalation Vulnerability in CxUIUSvc service", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-11T19:20:00.613168Z", "id": "CVE-2024-9157", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-11T19:20:21.578Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9157", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-11T19:20:00.613168Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-11T19:20:17.300Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "Privilege Escalation Vulnerability in CxUIUSvc service", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Synaptics", "product": "Synaptics Audio Driver", "versions": [{"status": "affected", "version": "0", "lessThan": "9.0.282.*", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "9.0.285.*", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "9.0.278.*", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.synaptics.com/sites/default/files/2025-03/audio-driver-security-brief-2025-03-11.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED **\u00a0\n\nA privilege escalation vulnerability in CxUIUSvc64.exe and\nCxUIUSvc32.exe of Synaptics audio drivers allows a local authorized\nattacker to load a DLL in a privileged process.\n\n\nOut of an abundance of caution, this CVE ID is being\nassigned to better serve our customers and ensure all who are still running\nthis product understand that the product is End-of-Life and should be removed.\nFor more information on this, refer to the CVE Record\u2019s reference information.", "supportingMedia": [{"type": "text/html", "value": "<p>** UNSUPPORTED WHEN ASSIGNED **&nbsp;</p><p>A privilege escalation vulnerability in CxUIUSvc64.exe and\nCxUIUSvc32.exe of Synaptics audio drivers allows a local authorized\nattacker to load a DLL in a privileged process.<br></p><p>Out of an abundance of caution, this CVE ID is being\nassigned to better serve our customers and ensure all who are still running\nthis product understand that the product is End-of-Life and should be removed.\nFor more information on this, refer to the CVE Record\u2019s reference information.</p>\n\n\n\n\n\n<br><p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "54bb2a58-4278-44a9-851f-17e74ee51f48", "shortName": "Synaptics", "dateUpdated": "2025-03-11T16:28:06.178Z"}}}, "cveMetadata": {"cveId": "CVE-2024-9157", "state": "PUBLISHED", "dateUpdated": "2025-03-11T19:20:21.578Z", "dateReserved": "2024-09-24T16:04:17.926Z", "assignerOrgId": "54bb2a58-4278-44a9-851f-17e74ee51f48", "datePublished": "2025-03-11T16:28:06.178Z", "assignerShortName": "Synaptics"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "PSIRT@synaptics.com", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED **\u00a0\n\nA privilege escalation vulnerability in CxUIUSvc64.exe and\nCxUIUSvc32.exe of Synaptics audio drivers allows a local authorized\nattacker to load a DLL in a privileged process.\n\n\nOut of an abundance of caution, this CVE ID is being\nassigned to better serve our customers and ensure all who are still running\nthis product understand that the product is End-of-Life and should be removed.\nFor more information on this, refer to the CVE Record\u2019s reference information."}], "id": "CVE-2024-9157", "lastModified": "2025-03-11T17:16:17.330", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "PSIRT@synaptics.com", "type": "Secondary"}]}, "published": "2025-03-11T17:16:17.330", "references": [{"source": "PSIRT@synaptics.com", "url": "https://www.synaptics.com/sites/default/files/2025-03/audio-driver-security-brief-2025-03-11.pdf"}], "sourceIdentifier": "PSIRT@synaptics.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "PSIRT@synaptics.com", "type": "Secondary"}]}

{}