CVE-2019-18619

7.8

HIGH

Synaptics WBF SynaTee SGX Enclave Code Execution Vulnerability

Description

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.

INFO

Published Date :

July 22, 2020, 2:15 p.m.

Last Modified :

July 30, 2020, 7:28 p.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.8 Public PoC/Exploit Available at Github

CVE-2019-18619 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2019-18619 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Lenovo	thinkpad_e480_firmware
2	Lenovo	thinkpad_e580_firmware
3	Lenovo	thinkpad_l480_firmware
4	Lenovo	thinkpad_l580_firmware
5	Lenovo	thinkpad_p51_firmware
6	Lenovo	thinkpad_p52_firmware
7	Lenovo	thinkpad_p52s_firmware
8	Lenovo	thinkpad_p72_firmware
9	Lenovo	thinkpad_t470p_firmware
10	Lenovo	thinkpad_t480_firmware
11	Lenovo	thinkpad_t480s_firmware
12	Lenovo	thinkpad_t580_firmware
13	Lenovo	thinkpad_x380_yoga_firmware
14	Lenovo	thinkpad_yoga_370_firmware
15	Lenovo	thinkpad_x1_carbon_firmware
16	Lenovo	thinkpad_x1_tablet_firmware
17	Lenovo	thinkpad_x1_yoga_firmware
18	Lenovo	thinkpad_x270_firmware
19	Lenovo	thinkpad_x280_firmware
20	Lenovo	thinkpad_t460p_firmware
21	Lenovo	thinkpad_e490s_firmware
22	Lenovo	thinkpad_s3_firmware
23	Lenovo	thinkpad_e490_firmware
24	Lenovo	thinkpad_e590_firmware
25	Lenovo	thinkpad_r490_firmware
26	Lenovo	thinkpad_r590_firmware
27	Lenovo	thinkpad_p1_firmware
28	Lenovo	thinkpad_p50_firmware
29	Lenovo	thinkpad_p53_firmware
30	Lenovo	thinkpad_p53s_firmware
31	Lenovo	thinkpad_p70_firmware
32	Lenovo	thinkpad_p73_firmware
33	Lenovo	thinkpad_t460s_firmware
34	Lenovo	thinkpad_t490_firmware
35	Lenovo	thinkpad_t490s_firmware
36	Lenovo	thinkpad_t590_firmware
37	Lenovo	thinkpad_x1_extreme_firmware
38	Lenovo	thinkpad_x390_firmware
39	Lenovo	thinkpad_x390_yoga_firmware
40	Lenovo	thinkpad_s1_3rd_firmware
41	Lenovo	thinkpad_a275_firmware
42	Lenovo	thinkpad_e485_firmware
43	Lenovo	thinkpad_e585_firmware
44	Lenovo	thinkpad_yoga_260_firmware
45	Lenovo	thinkpad_yoga_s1_firmware
46	Lenovo	thinkpad_p1_gen_2_firmware
47	Lenovo	thinkpad_p43s_firmware
48	Lenovo	thinkpad_x1_yoga_4th_gen_firmware
49	Lenovo	thinkpad_x1_yoga_3rd_gen_firmware
50	Lenovo	thinkpad_x1_extreme_2nd_firmware
51	Lenovo	thinkpad_25_firmware
52	Lenovo	thankpad_a475_firmware
53	Lenovo	thankpad_a485_firmware
54	Lenovo	thinkpad_p51s_\(20jx\)_firmware
55	Lenovo	thinkpad_p51s_\(20kx\)_firmware
56	Lenovo	thinkpad_p51s_\(20hx\)_firmware
57	Lenovo	thinkpad_p71_\(20hx\)_firmware
58	Lenovo	thinkpad_t25_\(20k7\)_firmware
59	Lenovo	thinkpad_t470_\(20hx\)_firmware
60	Lenovo	thinkpad_t470_\(20jx\)_firmware
61	Lenovo	thinkpad_t470s_\(20hx\)_firmware
62	Lenovo	thinkpad_t470s_\(20jx\)_firmware
63	Lenovo	thinkpad_t570_\(20hx\)_firmware
64	Lenovo	thinkpad_t570\(20jx\)_firmware
65	Lenovo	thinkpad_x1_carbon_\(20hx\)_firmware
66	Lenovo	thinkpad_x1_carbon_\(20kx\)_firmware
67	Lenovo	thinkpad_x1_tablet_\(20jx\)_firmware
68	Lenovo	thinkpad_x1_yoga_\(20jx\)_firmware
1	Hp	spectre_x360_firmware
2	Hp	envy_-_13t-ah100_firmware
3	Hp	envy_-_13t-aq100_firmware
4	Hp	envy_13-ah0xxx_firmware
5	Hp	envy_13-ah1xxx_firmware
6	Hp	envy_13-aq0xxx_firmware
7	Hp	envy_13-aq1xxx_firmware
8	Hp	envy_-_17t-bw000_firmware
9	Hp	envy_-_17t-ce000_firmware
10	Hp	envy_-_17t-ce100_firmware
11	Hp	envy_17-bw0xxx_firmware
12	Hp	envy_17-ce0xxx_firmware
13	Hp	envy_17-ce1xxx_firmware
14	Hp	envy_17m-bw0xxx_firmware
15	Hp	envy_17m-ce0xxx_firmware
16	Hp	envy_17m-ce1xxx_firmware
17	Hp	envy_x360_-_15t-cn000_firmware
18	Hp	envy_x360_-_15t-dr000_firmware
19	Hp	envy_x360_-_15t-dr000_\(validity_fps\)_firmware
20	Hp	envy_x360_-_15t-dr100_firmware
21	Hp	envy_x360_-_15t-dr100_\(validity_fps\)_firmware
22	Hp	envy_15-cn0xxx_x360_firmware
23	Hp	envy_15-cn1xxx_x360_firmware
24	Hp	envy_15-dr0xxx_x360_firmware
25	Hp	envy_15-dr0xxx_x360_\(validity_fps\)_firmware
26	Hp	envy_15-dr1xxx_x360_firmware
27	Hp	envy_15-dr1xxx_x360_\(validity_fps\)_firmware
28	Hp	envy_15m-cn0xxx_x360_firmware
29	Hp	envy_15m-dr0xxx_x360_firmware
30	Hp	envy_15m-dr0xxx_x360_\(validity_fps\)_firmware
31	Hp	envy_15m-dr1xxx_x360_firmware
32	Hp	envy_15m-dr1xxx_x360_\(validity_fps\)_firmware
33	Hp	pavilion_x360_-_14t-cd000_firmware
34	Hp	pavilion_x360_-_15t-dq000_firmware
35	Hp	pavilion_x360_-_15t-dq100_firmware
36	Hp	pavilion_x360_14t-cd100_firmware
37	Hp	pavilion_x360_14t-dh000_firmware
38	Hp	pavilion_14-cd1xxx_x360_firmware
39	Hp	pavilion_14-cd2xxx_x360_firmware
40	Hp	pavilion_14-dh0xxx_x360_firmware
41	Hp	pavilion_14m-cd0xxx_x360_firmware
42	Hp	pavilion_14m-dh0xxx_x360_firmware
43	Hp	pavilion_15_firmware
1	Synaptics	vfs75xx_firmware

: Total Affected Vendor : 3 | Products : 112

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2019-18619.

URL	Resource
https://support.hp.com/hk-en/document/c06696568	Patch Third Party Advisory
https://support.lenovo.com/us/en/product_security/LEN-31372	Patch Third Party Advisory
https://www.synaptics.com/company/blog/	Vendor Advisory
https://www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf	Vendor Advisory
https://www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software/	Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

uni-due-syssec/teerex-exploits

PoC exploits against various SGX enclaves

sgx exploit poc memory-corruption

C++ Makefile

Updated: 1 year, 7 months ago

15 stars 3 fork 3 watcher

Born at : April 3, 2020, 1:19 p.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2019-18619 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2019-18619 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by [email protected]

May. 14, 2024

Action Type Old Value New Value

Initial Analysis by [email protected]

Jul. 30, 2020

Action	Type	Old Value	New Value
Added	CVSS V2		NIST (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Added	CVSS V3.1		NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Changed	Reference Type	https://support.hp.com/hk-en/document/c06696568 No Types Assigned	https://support.hp.com/hk-en/document/c06696568 Patch, Third Party Advisory
Changed	Reference Type	https://support.lenovo.com/us/en/product_security/LEN-31372 No Types Assigned	https://support.lenovo.com/us/en/product_security/LEN-31372 Patch, Third Party Advisory
Changed	Reference Type	https://www.synaptics.com/company/blog/ No Types Assigned	https://www.synaptics.com/company/blog/ Vendor Advisory
Changed	Reference Type	https://www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf No Types Assigned	https://www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf Vendor Advisory
Changed	Reference Type	https://www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software/ No Types Assigned	https://www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software/ Vendor Advisory
Added	CWE		NIST CWE-763
Added	CPE Configuration		AND OR cpe:2.3:o:synaptics:vfs75xx_firmware:5.2.225.26::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.2.318.26::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.2.524.26::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.2.3530.26::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.3.3539.26::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.3.1116::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.8.1096::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.10.1093::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.11.1106::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.15.1102::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.38.1058::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.2734.1050::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.2811.1050::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.6.23.1000::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:6.0.14.1108::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:6.0.32.1104::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:6.0.42.1107::::::: OR cpe:2.3:h:synaptics:vfs75xx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_25_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_25:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thankpad_a475_firmware::::::::* versions up to (excluding) 5.02.3539.0026 OR cpe:2.3:h:lenovo:thankpad_a475:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thankpad_a485_firmware::::::::* versions up to (excluding) 5.03.3542.0026 OR cpe:2.3:h:lenovo:thankpad_a485:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e480_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e480:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e580_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e580:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e485_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e485:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e585_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e585:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e490s_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e490s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_s3_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_s3:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e490_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e490:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e590_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e590:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_r490_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_r490:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_r590_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_r590:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_l480_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_l480:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_l580_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_l580:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p1_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_p1:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p1_gen_2_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_p1_gen_2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_extreme_2nd_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_x1_extreme_2nd:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p43s_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_p43s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p50_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_p50:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p51_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p51:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p51s_\(20jx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p51s_\(20jx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p51s_\(20kx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p51s_\(20kx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p51s_\(20hx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p51s_\(20hx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p52_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p52:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p52s_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_p52s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p53_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_p53:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p53s_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_p53s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p70_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_p70:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p71_\(20hx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p71_\(20hx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p72_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_p72:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p73_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_p73:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t25_\(20k7\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t25_\(20k7\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t460p_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_t460p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t460s_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_t460s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t470_\(20hx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t470_\(20hx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t470_\(20jx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t470_\(20jx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t470p_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t470p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t470s_\(20hx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t470s_\(20hx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t470s_\(20jx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t470s_\(20jx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t480_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_t480:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t480s_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_t480s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t490_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_t490:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t490s_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_t490s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t570_\(20hx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t570_\(20hx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t570\(20jx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t570\(20jx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t580_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_t580:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t590_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_t590:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_carbon_\(20hx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_x1_carbon_\(20hx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_carbon_\(20kx\)_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_x1_carbon_\(20kx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_carbon_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_x1_carbon:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_yoga_4th_gen_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_x1_yoga_4th_gen:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_extreme_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_x1_extreme:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_tablet_firmware::::::::* versions up to (excluding) 5.5.40.1058 OR cpe:2.3:h:lenovo:thinkpad_x1_tablet:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_tablet_\(20jx\)_firmware::::::::* versions up to (excluding) 5.2.227.26 OR cpe:2.3:h:lenovo:thinkpad_x1_tablet_\(20jx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_yoga_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_x1_yoga:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_yoga_\(20jx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_x1_yoga_\(20jx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_yoga_3rd_gen_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_x1_yoga_3rd_gen:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x270_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_x270:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x280_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_x280:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x380_yoga_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_x380_yoga:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x390_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_x390:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x390_yoga_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_x390_yoga:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_yoga_370_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_yoga_370:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_s1_3rd_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_s1_3rd:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_yoga_260_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_yoga_260:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_yoga_s1_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_yoga_s1:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_a275_firmware::::::::* versions up to (excluding) 5.2.3535.26 OR cpe:2.3:h:lenovo:thinkpad_a275:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_-_13t-ah100_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_-_13t-ah100:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_-_13t-aq100_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_-_13t-aq100:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_13-ah0xxx_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_13-ah0xxx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_13-ah1xxx_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_13-ah1xxx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_13-aq0xxx_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_13-aq0xxx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_13-aq1xxx_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_13-aq1xxx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_-_17t-bw000_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_-_17t-bw000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_-_17t-ce000_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_-_17t-ce000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_-_17t-ce100_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_-_17t-ce100:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_17-bw0xxx_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_17-bw0xxx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_17-ce0xxx_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_17-ce0xxx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_17-ce1xxx_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_17-ce1xxx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_17m-bw0xxx_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_17m-bw0xxx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_17m-ce0xxx_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_17m-ce0xxx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_17m-ce1xxx_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_17m-ce1xxx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_x360_-_15t-cn000_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_x360_-_15t-cn000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_x360_-_15t-dr000_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_x360_-_15t-dr000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_x360_-_15t-dr000_\(validity_fps\)_firmware::::::::* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:envy_x360_-_15t-dr000_\(validity_fps\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_x360_-_15t-dr100_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_x360_-_15t-dr100:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_x360_-_15t-dr100_\(validity_fps\)_firmware::::::::* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:envy_x360_-_15t-dr100_\(validity_fps\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15-cn0xxx_x360_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_15-cn0xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15-cn1xxx_x360_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_15-cn1xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15-dr0xxx_x360_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_15-dr0xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15-dr0xxx_x360_\(validity_fps\)_firmware::::::::* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:envy_15-dr0xxx_x360_\(validity_fps\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15-dr1xxx_x360_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_15-dr1xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15-dr1xxx_x360_\(validity_fps\)_firmware::::::::* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:envy_15-dr1xxx_x360_\(validity_fps\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15m-cn0xxx_x360_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_15m-cn0xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15m-dr0xxx_x360_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_15m-dr0xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15m-dr0xxx_x360_\(validity_fps\)_firmware::::::::* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:envy_15m-dr0xxx_x360_\(validity_fps\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15m-dr1xxx_x360_firmware::::::::* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_15m-dr1xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_15m-dr1xxx_x360_\(validity_fps\)_firmware::::::::* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:envy_15m-dr1xxx_x360_\(validity_fps\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_x360_-_14t-cd000_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:pavilion_x360_-_14t-cd000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_x360_-_15t-dq000_firmware::::::::* versions up to (excluding) 5.5.8.1116 OR cpe:2.3:h:hp:pavilion_x360_-_15t-dq000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_x360_-_15t-dq100_firmware::::::::* versions up to (excluding) 5.5.8.1116 OR cpe:2.3:h:hp:pavilion_x360_-_15t-dq100:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_x360_14t-cd100_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:pavilion_x360_14t-cd100:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_x360_14t-dh000_firmware::::::::* versions up to (excluding) 5.5.8.1116 OR cpe:2.3:h:hp:pavilion_x360_14t-dh000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_14-cd1xxx_x360_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:pavilion_14-cd1xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_14-cd2xxx_x360_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:pavilion_14-cd2xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_14-dh0xxx_x360_firmware::::::::* versions up to (excluding) 5.5.8.1116 OR cpe:2.3:h:hp:pavilion_14-dh0xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_14m-cd0xxx_x360_firmware::::::::* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:pavilion_14m-cd0xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_14m-dh0xxx_x360_firmware::::::::* versions up to (excluding) 5.5.8.1116 OR cpe:2.3:h:hp:pavilion_14m-dh0xxx_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_15_firmware::::::::* versions up to (excluding) 5.5.8.1116 OR cpe:2.3:h:hp:pavilion_15:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:spectre_x360_firmware::::::::* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:spectre_x360:-:::::::*

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2019-18619 is associated with the following CWEs:

CWE-763: Release of Invalid Pointer or Reference

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2019-18619 weaknesses.

CVE-2019-18619

Synaptics WBF SynaTee SGX Enclave Code Execution Vulnerability

Description

INFO

July 22, 2020, 2:15 p.m.

July 30, 2020, 7:28 p.m.

[email protected]

No

5.9

1.8

Public PoC/Exploit Available at Github

Affected Products

References to Advisories, Solutions, and Tools

uni-due-syssec/teerex-exploits

CVE Modified by [email protected]

Initial Analysis by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

0.04 }} 0.00%

0.05635

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable