CxUIUSvc64.exe CVE-2024-9157
HIGHSeverity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
UNSUPPORTED WHEN ASSIGNED
A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process.
Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record’s reference information.
AnalysisAI
CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers is affected by improper access control (CVSS 7.8).
Technical ContextAI
This vulnerability (CWE-284: Improper Access Control) affects CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers. UNSUPPORTED WHEN ASSIGNED
A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process.
Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record’s reference information.
Affected ProductsAI
Product: CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers.
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-284 – Improper Access Control
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today