CVE-2019-18619

7.8

HIGH

Synaptics WBF SynaTee SGX Enclave Code Execution Vulnerability

Description

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.

INFO

Published Date :

July 22, 2020, 2:15 p.m.

Last Modified :

Nov. 21, 2024, 4:33 a.m.

Source :

cve@mitre.org

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.8 Public PoC/Exploit Available at Github

CVE-2019-18619 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2019-18619 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Lenovo	thinkpad_e480_firmware
2	Lenovo	thinkpad_e580_firmware
3	Lenovo	thinkpad_l480_firmware
4	Lenovo	thinkpad_l580_firmware
5	Lenovo	thinkpad_p51_firmware
6	Lenovo	thinkpad_p52_firmware
7	Lenovo	thinkpad_p52s_firmware
8	Lenovo	thinkpad_p72_firmware
9	Lenovo	thinkpad_t470p_firmware
10	Lenovo	thinkpad_t480_firmware
11	Lenovo	thinkpad_t480s_firmware
12	Lenovo	thinkpad_t580_firmware
13	Lenovo	thinkpad_x380_yoga_firmware
14	Lenovo	thinkpad_yoga_370_firmware
15	Lenovo	thinkpad_x1_carbon_firmware
16	Lenovo	thinkpad_x1_tablet_firmware
17	Lenovo	thinkpad_x1_yoga_firmware
18	Lenovo	thinkpad_x270_firmware
19	Lenovo	thinkpad_x280_firmware
20	Lenovo	thinkpad_e480
21	Lenovo	thinkpad_e580
22	Lenovo	thinkpad_l480
23	Lenovo	thinkpad_l580
24	Lenovo	thinkpad_p51
25	Lenovo	thinkpad_p52
26	Lenovo	thinkpad_p52s
27	Lenovo	thinkpad_p72
28	Lenovo	thinkpad_t470p
29	Lenovo	thinkpad_t480
30	Lenovo	thinkpad_t480s
31	Lenovo	thinkpad_t580
32	Lenovo	thinkpad_x1_carbon
33	Lenovo	thinkpad_x1_tablet
34	Lenovo	thinkpad_x1_yoga
35	Lenovo	thinkpad_x270
36	Lenovo	thinkpad_x280
37	Lenovo	thinkpad_x380_yoga
38	Lenovo	thinkpad_yoga_370
39	Lenovo	thinkpad_t460p_firmware
40	Lenovo	thinkpad_e490s_firmware
41	Lenovo	thinkpad_s3_firmware
42	Lenovo	thinkpad_e490_firmware
43	Lenovo	thinkpad_e590_firmware
44	Lenovo	thinkpad_r490_firmware
45	Lenovo	thinkpad_r590_firmware
46	Lenovo	thinkpad_p1_firmware
47	Lenovo	thinkpad_p50_firmware
48	Lenovo	thinkpad_p53_firmware
49	Lenovo	thinkpad_p53s_firmware
50	Lenovo	thinkpad_p70_firmware
51	Lenovo	thinkpad_p73_firmware
52	Lenovo	thinkpad_t460s_firmware
53	Lenovo	thinkpad_t490_firmware
54	Lenovo	thinkpad_t490s_firmware
55	Lenovo	thinkpad_t590_firmware
56	Lenovo	thinkpad_x1_extreme_firmware
57	Lenovo	thinkpad_x390_firmware
58	Lenovo	thinkpad_x390_yoga_firmware
59	Lenovo	thinkpad_s1_3rd_firmware
60	Lenovo	thinkpad_a275_firmware
61	Lenovo	thinkpad_e485_firmware
62	Lenovo	thinkpad_e585_firmware
63	Lenovo	thinkpad_yoga_260_firmware
64	Lenovo	thinkpad_yoga_s1_firmware
65	Lenovo	thinkpad_p1_gen_2_firmware
66	Lenovo	thinkpad_p43s_firmware
67	Lenovo	thinkpad_x1_yoga_4th_gen_firmware
68	Lenovo	thinkpad_x1_yoga_3rd_gen_firmware
69	Lenovo	thinkpad_x1_extreme_2nd_firmware
70	Lenovo	thinkpad_25_firmware
71	Lenovo	thankpad_a475_firmware
72	Lenovo	thankpad_a485_firmware
73	Lenovo	thinkpad_p51s_\(20jx\)_firmware
74	Lenovo	thinkpad_p51s_\(20kx\)_firmware
75	Lenovo	thinkpad_p51s_\(20hx\)_firmware
76	Lenovo	thinkpad_p71_\(20hx\)_firmware
77	Lenovo	thinkpad_t25_\(20k7\)_firmware
78	Lenovo	thinkpad_t470_\(20hx\)_firmware
79	Lenovo	thinkpad_t470_\(20jx\)_firmware
80	Lenovo	thinkpad_t470s_\(20hx\)_firmware
81	Lenovo	thinkpad_t470s_\(20jx\)_firmware
82	Lenovo	thinkpad_t570_\(20hx\)_firmware
83	Lenovo	thinkpad_t570\(20jx\)_firmware
84	Lenovo	thinkpad_x1_carbon_\(20hx\)_firmware
85	Lenovo	thinkpad_x1_carbon_\(20kx\)_firmware
86	Lenovo	thinkpad_x1_tablet_\(20jx\)_firmware
87	Lenovo	thinkpad_x1_yoga_\(20jx\)_firmware
88	Lenovo	thinkpad_p50
89	Lenovo	thinkpad_p70
90	Lenovo	thinkpad_t460p
91	Lenovo	thinkpad_t460s
92	Lenovo	thinkpad_e490
93	Lenovo	thinkpad_e490s
94	Lenovo	thinkpad_e590
95	Lenovo	thinkpad_p1_gen_2
96	Lenovo	thinkpad_p43s
97	Lenovo	thinkpad_p53
98	Lenovo	thinkpad_p53s
99	Lenovo	thinkpad_p73
100	Lenovo	thinkpad_t490
101	Lenovo	thinkpad_t490s
102	Lenovo	thinkpad_t590
103	Lenovo	thinkpad_x1_yoga_4th_gen
104	Lenovo	thinkpad_x390
105	Lenovo	thinkpad_x390_yoga
106	Lenovo	thinkpad_a275
107	Lenovo	thinkpad_e485
108	Lenovo	thinkpad_e585
109	Lenovo	thinkpad_yoga_260
110	Lenovo	thinkpad_yoga_s1
111	Lenovo	thinkpad_s1_3rd
112	Lenovo	thinkpad_s3
113	Lenovo	thinkpad_r490
114	Lenovo	thinkpad_r590
115	Lenovo	thinkpad_p1
116	Lenovo	thinkpad_x1_extreme
117	Lenovo	thinkpad_25
118	Lenovo	thinkpad_x1_extreme_2nd
119	Lenovo	thankpad_a475
120	Lenovo	thankpad_a485
121	Lenovo	thinkpad_p51s_\(20jx\)
122	Lenovo	thinkpad_p51s_\(20kx\)
123	Lenovo	thinkpad_p51s_\(20hx\)
124	Lenovo	thinkpad_p71_\(20hx\)
125	Lenovo	thinkpad_t25_\(20k7\)
126	Lenovo	thinkpad_t470_\(20hx\)
127	Lenovo	thinkpad_t470_\(20jx\)
128	Lenovo	thinkpad_t470s_\(20hx\)
129	Lenovo	thinkpad_t470s_\(20jx\)
130	Lenovo	thinkpad_t570_\(20hx\)
131	Lenovo	thinkpad_t570\(20jx\)
132	Lenovo	thinkpad_x1_carbon_\(20hx\)
133	Lenovo	thinkpad_x1_carbon_\(20kx\)
134	Lenovo	thinkpad_x1_tablet_\(20jx\)
135	Lenovo	thinkpad_x1_yoga_\(20jx\)
136	Lenovo	thinkpad_x1_yoga_3rd_gen
1	Hp	spectre_x360_firmware
2	Hp	envy_-_13t-ah100_firmware
3	Hp	envy_-_13t-aq100_firmware
4	Hp	envy_13-ah0xxx_firmware
5	Hp	envy_13-ah1xxx_firmware
6	Hp	envy_13-aq0xxx_firmware
7	Hp	envy_13-aq1xxx_firmware
8	Hp	envy_-_17t-bw000_firmware
9	Hp	envy_-_17t-ce000_firmware
10	Hp	envy_-_17t-ce100_firmware
11	Hp	envy_17-bw0xxx_firmware
12	Hp	envy_17-ce0xxx_firmware
13	Hp	envy_17-ce1xxx_firmware
14	Hp	envy_17m-bw0xxx_firmware
15	Hp	envy_17m-ce0xxx_firmware
16	Hp	envy_17m-ce1xxx_firmware
17	Hp	envy_x360_-_15t-cn000_firmware
18	Hp	envy_x360_-_15t-dr000_firmware
19	Hp	envy_x360_-_15t-dr000_\(validity_fps\)_firmware
20	Hp	envy_x360_-_15t-dr100_firmware
21	Hp	envy_x360_-_15t-dr100_\(validity_fps\)_firmware
22	Hp	envy_15-cn0xxx_x360_firmware
23	Hp	envy_15-cn1xxx_x360_firmware
24	Hp	envy_15-dr0xxx_x360_firmware
25	Hp	envy_15-dr0xxx_x360_\(validity_fps\)_firmware
26	Hp	envy_15-dr1xxx_x360_firmware
27	Hp	envy_15-dr1xxx_x360_\(validity_fps\)_firmware
28	Hp	envy_15m-cn0xxx_x360_firmware
29	Hp	envy_15m-dr0xxx_x360_firmware
30	Hp	envy_15m-dr0xxx_x360_\(validity_fps\)_firmware
31	Hp	envy_15m-dr1xxx_x360_firmware
32	Hp	envy_15m-dr1xxx_x360_\(validity_fps\)_firmware
33	Hp	pavilion_x360_-_14t-cd000_firmware
34	Hp	pavilion_x360_-_15t-dq000_firmware
35	Hp	pavilion_x360_-_15t-dq100_firmware
36	Hp	pavilion_x360_14t-cd100_firmware
37	Hp	pavilion_x360_14t-dh000_firmware
38	Hp	pavilion_14-cd1xxx_x360_firmware
39	Hp	pavilion_14-cd2xxx_x360_firmware
40	Hp	pavilion_14-dh0xxx_x360_firmware
41	Hp	pavilion_14m-cd0xxx_x360_firmware
42	Hp	pavilion_14m-dh0xxx_x360_firmware
43	Hp	pavilion_15_firmware
44	Hp	spectre_x360
45	Hp	envy_-_13t-ah100
46	Hp	envy_-_13t-aq100
47	Hp	envy_13-ah0xxx
48	Hp	envy_13-ah1xxx
49	Hp	envy_13-aq0xxx
50	Hp	envy_13-aq1xxx
51	Hp	envy_-_17t-bw000
52	Hp	envy_-_17t-ce000
53	Hp	envy_-_17t-ce100
54	Hp	envy_17-bw0xxx
55	Hp	envy_17-ce0xxx
56	Hp	envy_17-ce1xxx
57	Hp	envy_17m-bw0xxx
58	Hp	envy_17m-ce0xxx
59	Hp	envy_17m-ce1xxx
60	Hp	envy_x360_-_15t-cn000
61	Hp	envy_x360_-_15t-dr000
62	Hp	envy_x360_-_15t-dr000_\(validity_fps\)
63	Hp	envy_x360_-_15t-dr100
64	Hp	envy_x360_-_15t-dr100_\(validity_fps\)
65	Hp	envy_15-cn0xxx_x360
66	Hp	envy_15-cn1xxx_x360
67	Hp	envy_15-dr0xxx_x360
68	Hp	envy_15-dr0xxx_x360_\(validity_fps\)
69	Hp	envy_15-dr1xxx_x360
70	Hp	envy_15-dr1xxx_x360_\(validity_fps\)
71	Hp	envy_15m-cn0xxx_x360
72	Hp	envy_15m-dr0xxx_x360
73	Hp	envy_15m-dr0xxx_x360_\(validity_fps\)
74	Hp	envy_15m-dr1xxx_x360
75	Hp	envy_15m-dr1xxx_x360_\(validity_fps\)
76	Hp	pavilion_x360_-_14t-cd000
77	Hp	pavilion_x360_-_15t-dq000
78	Hp	pavilion_x360_-_15t-dq100
79	Hp	pavilion_x360_14t-cd100
80	Hp	pavilion_x360_14t-dh000
81	Hp	pavilion_14-cd1xxx_x360
82	Hp	pavilion_14-cd2xxx_x360
83	Hp	pavilion_14-dh0xxx_x360
84	Hp	pavilion_14m-cd0xxx_x360
85	Hp	pavilion_14m-dh0xxx_x360
86	Hp	pavilion_15
1	Synaptics	vfs75xx_firmware
2	Synaptics	vfs75xx

: Total Affected Vendor : 3 | Products : 224

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2019-18619.

URL	Resource
https://support.hp.com/hk-en/document/c06696568	Patch Third Party Advisory
https://support.lenovo.com/us/en/product_security/LEN-31372	Patch Third Party Advisory
https://www.synaptics.com/company/blog/	Vendor Advisory
https://www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf	Vendor Advisory
https://www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software/	Vendor Advisory
https://support.hp.com/hk-en/document/c06696568	Patch Third Party Advisory
https://support.lenovo.com/us/en/product_security/LEN-31372	Patch Third Party Advisory
https://www.synaptics.com/company/blog/	Vendor Advisory
https://www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf	Vendor Advisory
https://www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software/	Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

uni-due-syssec/teerex-exploits

PoC exploits against various SGX enclaves

sgx exploit poc memory-corruption

C++ Makefile

Updated: 1 month, 3 weeks ago

14 stars 3 fork 3 watcher

Born at : April 3, 2020, 1:19 p.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2019-18619 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2019-18619 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

Nov. 21, 2024

Action	Type	New Value
Added	Reference	https://support.hp.com/hk-en/document/c06696568
Added	Reference	https://support.lenovo.com/us/en/product_security/LEN-31372
Added	Reference	https://www.synaptics.com/company/blog/
Added	Reference	https://www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf
Added	Reference	https://www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software/

CVE Modified by cve@mitre.org

May. 14, 2024

Action	Type	Old Value	New Value

Initial Analysis by nvd@nist.gov

Jul. 30, 2020

Action	Type	Old Value	New Value
Added	CVSS V2		NIST (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Added	CVSS V3.1		NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Changed	Reference Type	https://support.hp.com/hk-en/document/c06696568 No Types Assigned	https://support.hp.com/hk-en/document/c06696568 Patch, Third Party Advisory
Changed	Reference Type	https://support.lenovo.com/us/en/product_security/LEN-31372 No Types Assigned	https://support.lenovo.com/us/en/product_security/LEN-31372 Patch, Third Party Advisory
Changed	Reference Type	https://www.synaptics.com/company/blog/ No Types Assigned	https://www.synaptics.com/company/blog/ Vendor Advisory
Changed	Reference Type	https://www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf No Types Assigned	https://www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf Vendor Advisory
Changed	Reference Type	https://www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software/ No Types Assigned	https://www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software/ Vendor Advisory
Added	CWE		NIST CWE-763
Added	CPE Configuration		AND OR cpe:2.3:o:synaptics:vfs75xx_firmware:5.2.225.26::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.2.318.26::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.2.524.26::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.2.3530.26::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.3.3539.26::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.3.1116::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.8.1096::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.10.1093::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.11.1106::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.15.1102::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.38.1058::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.2734.1050::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.2811.1050::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.6.23.1000::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:6.0.14.1108::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:6.0.32.1104::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:6.0.42.1107::::::: OR cpe:2.3:h:synaptics:vfs75xx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_25_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_25:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thankpad_a475_firmware::::::::* versions up to (excluding) 5.02.3539.0026 OR cpe:2.3:h:lenovo:thankpad_a475:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thankpad_a485_firmware::::::::* versions up to (excluding) 5.03.3542.0026 OR cpe:2.3:h:lenovo:thankpad_a485:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e480_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e480:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e580_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e580:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e485_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e485:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e585_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e585:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e490s_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e490s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_s3_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_s3:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e490_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e490:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e590_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e590:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_r490_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_r490:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_r590_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_r590:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_l480_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_l480:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_l580_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_l580:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p1_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_p1:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p1_gen_2_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_p1_gen_2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_extreme_2nd_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_x1_extreme_2nd:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p43s_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_p43s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p50_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_p50:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p51_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p51:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p51s_\(20jx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p51s_\(20jx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p51s_\(20kx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p51s_\(20kx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p51s_\(20hx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p51s_\(20hx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p52_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p52:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p52s_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_p52s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p53_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_p53:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p53s_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_p53s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p70_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_p70:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p71_\(20hx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p71_\(20hx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p72_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_p72:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p73_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_p73:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t25_\(20k7\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t25_\(20k7\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t460p_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_t460p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t460s_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_t460s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t470_\(20hx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t470_\(20hx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t470_\(20jx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t470_\(20jx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t470p_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t470p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t470s_\(20hx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t470s_\(20hx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t470s_\(20jx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t470s_\(20jx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t480_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_t480:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t480s_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_t480s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t490_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_t490:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t490s_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_t490s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t570_\(20hx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t570_\(20hx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t570\(20jx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t570\(20jx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t580_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_t580:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t590_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_t590:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_carbon_\(20hx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_x1_carbon_\(20hx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_carbon_\(20kx\)_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_x1_carbon_\(20kx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_carbon_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_x1_carbon:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_yoga_4th_gen_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_x1_yoga_4th_gen:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_extreme_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_x1_extreme:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_tablet_firmware::::::::* versions up to (excluding) 5.5.40.1058 OR cpe:2.3:h:lenovo:thinkpad_x1_tablet:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_tablet_\(20jx\)_firmware::::::::* versions up to (excluding) 5.2.227.26 OR cpe:2.3:h:lenovo:thinkpad_x1_tablet_\(20jx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_yoga_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_x1_yoga:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_yoga_\(20jx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_x1_yoga_\(20jx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_yoga_3rd_gen_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_x1_yoga_3rd_gen:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x270_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_x270:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x280_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_x280:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x380_yoga_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_x380_yoga:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x390_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_x390:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x390_yoga_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_x390_yoga:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_yoga_370_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_yoga_370:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_s1_3rd_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_s1_3rd:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_yoga_260_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_yoga_260:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_yoga_s1_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_yoga_s1:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_a275_firmware::::::::* versions up to (excluding) 5.2.3535.26 OR cpe:2.3:h:lenovo:thinkpad_a275:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_-_13t-ah100_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_-_13t-ah100:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_-_13t-aq100_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_-_13t-aq100:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_13-ah0xxx_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_13-ah0xxx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_13-ah1xxx_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_13-ah1xxx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_13-aq0xxx_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_13-aq0xxx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_13-aq1xxx_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_13-aq1xxx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_-_17t-bw000_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_-_17t-bw000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_-_17t-ce000_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_-_17t-ce000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_-_17t-ce100_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_-_17t-ce100:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_17-bw0xxx_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_17-bw0xxx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_17-ce0xxx_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_17-ce0xxx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_17-ce1xxx_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_17-ce1xxx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_17m-bw0xxx_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_17m-bw0xxx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_17m-ce0xxx_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_17m-ce0xxx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_17m-ce1xxx_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_17m-ce1xxx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_x360_-_15t-cn000_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_x360_-_15t-cn000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_x360_-_15t-dr000_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_x360_-_15t-dr000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_x360_-_15t-dr000_\(validity_fps\)_firmware::::::::* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:envy_x360_-_15t-dr000_\(validity_fps\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_x360_-_15t-dr100_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_x360_-_15t-dr100:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_x360_-_15t-dr100_\(validity_fps\)_firmware::::::::* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:envy_x360_-_15t-dr100_\(validity_fps\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15-cn0xxx_x360_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_15-cn0xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15-cn1xxx_x360_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_15-cn1xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15-dr0xxx_x360_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_15-dr0xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15-dr0xxx_x360_\(validity_fps\)_firmware::::::::* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:envy_15-dr0xxx_x360_\(validity_fps\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15-dr1xxx_x360_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_15-dr1xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15-dr1xxx_x360_\(validity_fps\)_firmware::::::::* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:envy_15-dr1xxx_x360_\(validity_fps\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15m-cn0xxx_x360_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_15m-cn0xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15m-dr0xxx_x360_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_15m-dr0xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15m-dr0xxx_x360_\(validity_fps\)_firmware::::::::* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:envy_15m-dr0xxx_x360_\(validity_fps\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15m-dr1xxx_x360_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_15m-dr1xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15m-dr1xxx_x360_\(validity_fps\)_firmware::::::::* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:envy_15m-dr1xxx_x360_\(validity_fps\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_x360_-_14t-cd000_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:pavilion_x360_-_14t-cd000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_x360_-_15t-dq000_firmware::::::::* versions up to (excluding) 5.5.8.1116 OR cpe:2.3:h:hp:pavilion_x360_-_15t-dq000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_x360_-_15t-dq100_firmware::::::::* versions up to (excluding) 5.5.8.1116 OR cpe:2.3:h:hp:pavilion_x360_-_15t-dq100:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_x360_14t-cd100_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:pavilion_x360_14t-cd100:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_x360_14t-dh000_firmware::::::::* versions up to (excluding) 5.5.8.1116 OR cpe:2.3:h:hp:pavilion_x360_14t-dh000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_14-cd1xxx_x360_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:pavilion_14-cd1xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_14-cd2xxx_x360_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:pavilion_14-cd2xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_14-dh0xxx_x360_firmware::::::::* versions up to (excluding) 5.5.8.1116 OR cpe:2.3:h:hp:pavilion_14-dh0xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_14m-cd0xxx_x360_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:pavilion_14m-cd0xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_14m-dh0xxx_x360_firmware::::::::* versions up to (excluding) 5.5.8.1116 OR cpe:2.3:h:hp:pavilion_14m-dh0xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_15_firmware::::::::* versions up to (excluding) 5.5.8.1116 OR cpe:2.3:h:hp:pavilion_15:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:spectre_x360_firmware::::::::* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:spectre_x360:-:::::::*

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2019-18619 is associated with the following CWEs:

CWE-763: Release of Invalid Pointer or Reference

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2019-18619 weaknesses.

CVE-2019-18619

Synaptics WBF SynaTee SGX Enclave Code Execution Vulnerability

Description

INFO

July 22, 2020, 2:15 p.m.

Nov. 21, 2024, 4:33 a.m.

cve@mitre.org

No

5.9

1.8

Public PoC/Exploit Available at Github

Affected Products

References to Advisories, Solutions, and Tools

uni-due-syssec/teerex-exploits

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

CVE Modified by cve@mitre.org

Initial Analysis by nvd@nist.gov

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

0.04 }} 0.00%

0.05635

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable