Vulnerabilites related to hp - synaptics_touchpad_driver
Vulnerability from fkie_nvd
Published
2017-12-15 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://support.hp.com/us-en/document/c05827409 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://www.synaptics.com/company/blog/touchpad-security-brief | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://zwclose.github.io/HP-keylogger/ | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hp.com/us-en/document/c05827409 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.synaptics.com/company/blog/touchpad-security-brief | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zwclose.github.io/HP-keylogger/ | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | synaptics_touchpad_driver | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:synaptics_touchpad_driver:-:*:*:*:*:*:*:*",
"matchCriteriaId": "066AC820-3B48-442F-9848-5F9EA503F0C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys."
},
{
"lang": "es",
"value": "Una herramienta de depuraci\u00f3n en controladores Synaptics TouchPad permite que usuarios locales con acceso de administrador obtengan informaci\u00f3n sensible sobre c\u00f3digos de escaneo de teclado mediante la modificaci\u00f3n de claves de registro."
}
],
"id": "CVE-2017-17556",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-15T19:29:00.217",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://support.hp.com/us-en/document/c05827409"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://www.synaptics.com/company/blog/touchpad-security-brief"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://zwclose.github.io/HP-keylogger/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://support.hp.com/us-en/document/c05827409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://www.synaptics.com/company/blog/touchpad-security-brief"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://zwclose.github.io/HP-keylogger/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-21 16:00
Modified
2024-11-21 03:51
Severity ?
Summary
SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/106799 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://support.lenovo.com/us/en/product_security/LEN-23156 | Third Party Advisory | |
| cve@mitre.org | https://www.synaptics.com/products/touchpad-family | Vendor Advisory | |
| cve@mitre.org | https://www.synaptics.com/sites/default/files/touchpad-driver-security-brief-20190124.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106799 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/product_security/LEN-23156 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.synaptics.com/products/touchpad-family | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.synaptics.com/sites/default/files/touchpad-driver-security-brief-20190124.pdf | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | synaptics_touchpad_driver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:synaptics_touchpad_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "261F933C-0DEE-46F3-8CB2-78BDA6BA0285",
"versionEndIncluding": "2018-06-06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses."
},
{
"lang": "es",
"value": "SynTP.sys en los controladores de Synaptics Touchpad, en versiones anteriores al 06/06/2018, permite que los usuarios locales obtengan informaci\u00f3n sensible sobre las direcciones de memoria liberadas."
}
],
"id": "CVE-2018-15532",
"lastModified": "2024-11-21T03:51:00.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T16:00:21.310",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106799"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-23156"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.synaptics.com/products/touchpad-family"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.synaptics.com/sites/default/files/touchpad-driver-security-brief-20190124.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-23156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.synaptics.com/products/touchpad-family"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.synaptics.com/sites/default/files/touchpad-driver-security-brief-20190124.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-17556 (GCVE-0-2017-17556)
Vulnerability from cvelistv5
Published
2017-12-15 19:00
Modified
2024-08-05 20:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.synaptics.com/company/blog/touchpad-security-brief | x_refsource_CONFIRM | |
| https://zwclose.github.io/HP-keylogger/ | x_refsource_MISC | |
| https://support.hp.com/us-en/document/c05827409 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:32.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synaptics.com/company/blog/touchpad-security-brief"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zwclose.github.io/HP-keylogger/"
},
{
"name": "HPSBHF03564",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/c05827409"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-15T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synaptics.com/company/blog/touchpad-security-brief"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zwclose.github.io/HP-keylogger/"
},
{
"name": "HPSBHF03564",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://support.hp.com/us-en/document/c05827409"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synaptics.com/company/blog/touchpad-security-brief",
"refsource": "CONFIRM",
"url": "https://www.synaptics.com/company/blog/touchpad-security-brief"
},
{
"name": "https://zwclose.github.io/HP-keylogger/",
"refsource": "MISC",
"url": "https://zwclose.github.io/HP-keylogger/"
},
{
"name": "HPSBHF03564",
"refsource": "HP",
"url": "https://support.hp.com/us-en/document/c05827409"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17556",
"datePublished": "2017-12-15T19:00:00",
"dateReserved": "2017-12-11T00:00:00",
"dateUpdated": "2024-08-05T20:51:32.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15532 (GCVE-0-2018-15532)
Vulnerability from cvelistv5
Published
2019-03-17 21:23
Modified
2024-08-05 09:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/106799 | x_refsource_MISC | |
| https://support.lenovo.com/us/en/product_security/LEN-23156 | x_refsource_MISC | |
| https://www.synaptics.com/products/touchpad-family | x_refsource_MISC | |
| https://www.synaptics.com/sites/default/files/touchpad-driver-security-brief-20190124.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:03.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106799"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-23156"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.synaptics.com/products/touchpad-family"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synaptics.com/sites/default/files/touchpad-driver-security-brief-20190124.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-17T21:23:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/106799"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-23156"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.synaptics.com/products/touchpad-family"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synaptics.com/sites/default/files/touchpad-driver-security-brief-20190124.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/106799",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/106799"
},
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-23156",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-23156"
},
{
"name": "https://www.synaptics.com/products/touchpad-family",
"refsource": "MISC",
"url": "https://www.synaptics.com/products/touchpad-family"
},
{
"name": "https://www.synaptics.com/sites/default/files/touchpad-driver-security-brief-20190124.pdf",
"refsource": "CONFIRM",
"url": "https://www.synaptics.com/sites/default/files/touchpad-driver-security-brief-20190124.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15532",
"datePublished": "2019-03-17T21:23:10",
"dateReserved": "2018-08-19T00:00:00",
"dateUpdated": "2024-08-05T09:54:03.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}