Vulnerabilities > CVE-2021-3675 - Out-of-bounds Write vulnerability in Synaptics Fingerprint Driver

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

synaptics

CWE-787

NVD

Published: 2022-06-16

Updated: 2023-06-26

Summary

Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64.

Vulnerable Configurations

Part	Description	Count
Application	Synaptics Synaptics Fingerprint Driver 5.2.200.26 Synaptics Fingerprint Driver 5.2.0000.26 Synaptics Fingerprint Driver 5.2.229.26 Synaptics Fingerprint Driver 5.1.000.26 Synaptics Fingerprint Driver 6.0.00.1111 Synaptics Fingerprint Driver 5.5.00.1116 Synaptics Fingerprint Driver 5.5.00.1102 Synaptics Fingerprint Driver 5.5.14.1116 Synaptics Fingerprint Driver 5.5.00.1058 Synaptics Fingerprint Driver 5.5.34.1102 Synaptics Fingerprint Driver 5.3.0000.26 Synaptics Fingerprint Driver *	12

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References