medium
6
Advisory Published
Updated

CVE-2019-18618

First published: Wed Jul 22 2020(Updated: )

Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Synaptics vfs75xx firmware=5.1.5.51
Synaptics vfs75xx firmware=5.1.337.26
Synaptics vfs75xx firmware=5.1.3507.26
Synaptics vfs75xx firmware=5.2.320.26
Synaptics vfs75xx firmware=5.2.524.26
Synaptics vfs75xx firmware=5.2.3109.26
Synaptics vfs75xx firmware=5.2.3530.26
Synaptics vfs75xx firmware=5.2.5024.26
Synaptics vfs75xx firmware=5.3.3541.26
Synaptics vfs75xx firmware=5.5.4.1116
Synaptics vfs75xx firmware=5.5.8.1092
Synaptics vfs75xx firmware=5.5.10.1100
Synaptics vfs75xx firmware=5.5.10.1106
Synaptics vfs75xx firmware=5.5.17.1099
Synaptics vfs75xx firmware=5.5.17.1102
Synaptics vfs75xx firmware=5.5.35.1058
Synaptics vfs75xx firmware=5.5.502.79
Synaptics vfs75xx firmware=5.5.512.1051
Synaptics vfs75xx firmware=5.5.2734.1050
Synaptics vfs75xx firmware=5.5.2810.1050
Synaptics VFS75xx
lenovo thinkpad 25 firmware<5.2.3540.26
lenovo thinkpad 25
lenovo thankpad a475 firmware<5.02.3539.0026
lenovo thankpad a475
lenovo thankpad a485 firmware<5.03.3542.0026
lenovo thankpad a485
Lenovo ThinkPad e480 firmware<5.2.321.26
lenovo thinkpad e480
Lenovo ThinkPad e580 firmware<5.2.321.26
lenovo thinkpad e580
lenovo ThinkPad e485 firmware<5.2.321.26
lenovo ThinkPad e485
lenovo thinkpad e585 firmware<5.2.321.26
lenovo thinkpad e585
Lenovo thinkpad e490s firmware<5.2.321.26
Lenovo thinkpad e490s
Lenovo ThinkPad s3 firmware<5.2.321.26
Lenovo ThinkPad s3
Lenovo thinkpad e490 firmware<5.2.321.26
Lenovo thinkpad e490
Lenovo thinkpad e590 firmware<5.2.321.26
Lenovo thinkpad e590
Lenovo ThinkPad r490 firmware<5.2.321.26
Lenovo ThinkPad r490
Lenovo ThinkPad r590 firmware<5.2.321.26
Lenovo ThinkPad r590
Lenovo ThinkPad l480 firmware<5.3.3542.26
lenovo thinkpad l480
Lenovo ThinkPad l580 firmware<5.3.3542.26
lenovo thinkpad l580
Lenovo ThinkPad P1 Firmware<5.3.3542.26
Lenovo ThinkPad P1
Lenovo ThinkPad P1 Firmware<6.0.36.1105
Lenovo Thinkpad P1 Gen 2
lenovo thinkpad x1 extreme 2nd firmware<6.0.36.1105
lenovo thinkpad x1 extreme 2nd
Lenovo ThinkPad P43s<6.0.36.1105
Lenovo Thinkpad P43s Firmware
Lenovo ThinkPad p50 firmware<5.1.338.26
Lenovo ThinkPad p50
Lenovo ThinkPad P51 Firmware<5.2.3540.26
Lenovo ThinkPad P51
lenovo thinkpad p51s \(20jx\) firmware<5.2.3540.26
lenovo thinkpad p51s \(20jx\)
lenovo thinkpad p51s \(20kx\) firmware<5.2.3540.26
lenovo thinkpad p51s \(20kx\)
lenovo thinkpad p51s \(20hx\) firmware<5.2.3540.26
lenovo thinkpad p51s \(20hx\)
Lenovo ThinkPad P52 Firmware<5.2.3540.26
Lenovo ThinkPad P52
Lenovo ThinkPad P52s Firmware<5.3.3542.26
Lenovo ThinkPad P52s Firmware
Lenovo ThinkPad P53s Firmware<6.0.36.1105
Lenovo ThinkPad P53s
Lenovo ThinkPad P53s Firmware<6.0.36.1105
Lenovo ThinkPad P53s Firmware
Lenovo ThinkPad P70 Firmware<5.1.338.26
Lenovo ThinkPad P70 Firmware
lenovo thinkpad p71 \(20hx\) firmware<5.2.3540.26
lenovo thinkpad p71 \(20hx\)
Lenovo ThinkPad P72 Firmware<5.3.3542.26
Lenovo ThinkPad P72
Lenovo thinkpad p73 firmware<5.3.3542.26
Lenovo ThinkPad P73
lenovo thinkpad t25 \(20k7\) firmware<5.2.3540.26
lenovo thinkpad t25 \(20k7\)
Lenovo ThinkPad T460p firmware<5.1.338.26
Lenovo ThinkPad T460p BIOS
Lenovo ThinkPad t460s firmware<5.1.338.26
Lenovo ThinkPad t460s
lenovo thinkpad t470 \(20hx\) firmware<5.2.3540.26
lenovo thinkpad t470 \(20hx\)
lenovo thinkpad t470 \(20jx\) firmware<5.2.3540.26
lenovo thinkpad t470 \(20jx\)
Lenovo ThinkPad T470p firmware<5.2.3540.26
lenovo thinkpad t470p
lenovo thinkpad t470s \(20hx\) firmware<5.2.3540.26
lenovo thinkpad t470s \(20hx\)
lenovo thinkpad t470s \(20jx\) firmware<5.2.3540.26
lenovo thinkpad t470s \(20jx\)
Lenovo ThinkPad t480 firmware<5.3.3542.26
lenovo thinkpad t480
Lenovo ThinkPad t480s firmware<5.3.3542.26
lenovo thinkpad t480s
Lenovo ThinkPad T490 Firmware<6.0.36.1105
Lenovo ThinkPad T490 (20QX)
Lenovo ThinkPad T490s Firmware<6.0.36.1105
Lenovo ThinkPad T490s Firmware
lenovo thinkpad t570 \(20hx\) firmware<5.2.3540.26
lenovo thinkpad t570 \(20hx\)
lenovo thinkpad t570\(20jx\) firmware<5.2.3540.26
lenovo thinkpad t570\(20jx\)
Lenovo ThinkPad t580 firmware<5.3.3542.26
lenovo thinkpad t580
Lenovo ThinkPad T590 Firmware<6.0.36.1105
Lenovo ThinkPad T590
lenovo thinkpad x1 carbon \(20hx\) firmware<5.2.3540.26
lenovo thinkpad x1 carbon \(20hx\)
lenovo thinkpad x1 carbon \(20kx\) firmware<5.3.3542.26
lenovo thinkpad x1 carbon \(20kx\)
Lenovo ThinkPad x1 carbon firmware<5.1.338.26
Lenovo ThinkPad X1 Carbon
Lenovo ThinkPad X1 Yoga 4th Gen<5.1.338.26
Lenovo ThinkPad X1 Yoga
Lenovo ThinkPad X1 Extreme Firmware<5.3.3542.26
Lenovo ThinkPad X1 Extreme Firmware
Lenovo ThinkPad x1 tablet firmware<5.5.40.1058
lenovo thinkpad x1 tablet
lenovo thinkpad x1 tablet \(20jx\) firmware<5.2.227.26
lenovo thinkpad x1 tablet \(20jx\)
Lenovo ThinkPad x1 yoga firmware<5.1.338.26
Lenovo ThinkPad X1 Yoga
lenovo thinkpad x1 yoga \(20jx\) firmware<5.2.3540.26
lenovo thinkpad x1 yoga \(20jx\)
lenovo thinkpad x1 yoga 3rd gen firmware<5.3.3542.26
lenovo thinkpad x1 yoga 3rd gen
Lenovo ThinkPad x270 firmware<5.2.3540.26
Lenovo ThinkPad x270
Lenovo ThinkPad x280 firmware<5.3.3542.26
lenovo thinkpad x280
Lenovo ThinkPad x380 yoga firmware<5.3.3542.26
lenovo thinkpad x380 yoga
Lenovo ThinkPad x390 Firmware<6.0.36.1105
Lenovo ThinkPad x390
Lenovo thinkpad x390 yoga firmware<6.0.36.1105
Lenovo thinkpad x390 yoga
Lenovo ThinkPad yoga 370 firmware<5.2.3540.26
lenovo thinkpad yoga 370
Lenovo ThinkPad s1 3rd firmware<5.2.3540.26
Lenovo ThinkPad s1 3rd
lenovo thinkpad yoga 260 firmware<5.1.338.26
Lenovo ThinkPad Yoga 260
lenovo thinkpad yoga s1 firmware<5.1.338.26
lenovo thinkpad yoga s1
lenovo ThinkPad a275 firmware<5.2.3535.26
lenovo ThinkPad a275
hp elite x2 1012 g2 firmware<5.2.5026.26
HP EliteBook Folio 1012 x2 G2
hp elite x2 1013 g3 firmware<5.5.21.1099
hp elite x2 1013 g3
hp elite x2 g4 firmware<5.5.21.1099
hp elite x2 g4
hp elitebook 1040 g4 firmware<5.2.5026.26
hp elitebook 1040 g4
hp elitebook 1050 g1 firmware<5.5.21.1099
hp elitebook 1050 g1
hp elitebook 735 g5 firmware<5.5.21.1099
hp elitebook 735 g5
hp elitebook 735 g6 firmware<5.5.21.1099
hp elitebook 735 g6
hp elitebook 745 g5 firmware<5.5.21.1099
hp elitebook 745 g5
hp elitebook 745 g6 firmware<5.5.21.1099
hp elitebook 745 g6
hp elitebook 755 g5 firmware<5.5.21.1099
hp elitebook 755 g5
hp elitebook 830 g5 firmware<5.5.21.1099
hp elitebook 830 g5
hp elitebook 830 g6 firmware<5.5.21.1099
hp elitebook 830 g6
hp elitebook 836 g5 firmware<5.5.21.1099
hp elitebook 836 g5
hp elitebook 836 g6 firmware<5.5.21.1099
hp elitebook 836 g6
hp elitebook 840 g5 firmware<5.5.21.1099
hp elitebook 840 g5
hp elitebook 840 g5 healthcare edition firmware<5.5.21.1099
hp elitebook 840 g5 healthcare edition
hp elitebook 840 g6 firmware<5.5.21.1099
hp elitebook 840 g6
hp elitebook 840 g6 healthcare edition firmware<5.5.21.1099
hp elitebook 840 g6 healthcare edition
hp elitebook 846 g5 firmware<5.5.21.1099
hp elitebook 846 g5
hp elitebook 846 g5 healthcare edition firmware<5.5.21.1099
hp elitebook 846 g5 healthcare edition
hp elitebook 846 g6 firmware<5.5.21.1099
hp elitebook 846 g6
hp elitebook 846 g6 healthcare edition firmware<5.5.21.1099
hp elitebook 846 g6 healthcare edition
hp elitebook 850 g5 firmware<5.5.21.1099
hp elitebook 850 g5
hp elitebook 850 g6 firmware<5.5.21.1099
hp elitebook 850 g6
hp elitebook x360 1020 g2 firmware<5.2.5026.26
hp elitebook x360 1020 g2
hp elitebook x360 1030 g2 firmware<5.2.5026.26
hp elitebook x360 1030 g2
hp elitebook x360 1030 g3 firmware<5.5.21.1099
hp elitebook x360 1030 g3
hp elitebook x360 1030 g4 firmware<5.5.21.1099
hp elitebook x360 1030 g4
hp elitebook x360 1040 g5 firmware<5.5.21.1099
hp elitebook x360 1040 g5
hp elitebook x360 1040 g6 firmware<5.5.21.1099
hp elitebook x360 1040 g6
hp elitebook x360 830 g5 firmware<5.5.21.1099
hp elitebook x360 830 g5
hp elitebook x360 830 g6 firmware<5.5.21.1099
hp elitebook x360 830 g6
hp pro x2 612 g2 firmware<5.2.5026.26
hp pro x2 612 g2
hp probook 430 g6 firmware<5.5.21.1099
hp probook 430 g6
hp probook 440 g6 firmware<5.5.21.1099
hp probook 440 g6
hp probook 445 g6 firmware<5.5.21.1099
hp probook 445 g6
hp probook 445r g6 firmware<5.5.21.1099
hp probook 445r g6
hp probook 450 g6 firmware<5.5.21.1099
hp probook 450 g6
hp probook 455 g6 firmware<5.5.21.1099
hp probook 455 g6
hp probook 455r g6 firmware<5.5.21.1099
hp probook 455r g6
hp probook 640 g5 firmware<5.5.21.1099
hp probook 640 g5
hp probook 650 g5 firmware<5.5.21.1099
hp probook 650 g5
HP ZBook 14u G5 Firmware<5.5.21.1099
HP ZBook 14u G5 Firmware
hp zbook 14u g6 firmware<5.5.21.1099
HP ZBook 14u G6 Mobile Workstation
hp zbook 15 g5 firmware<5.5.21.1099
hp zbook 15 g5
hp zbook 15 g6 firmware<5.5.21.1099
hp zbook 15 g6
hp zbook 15u g5 firmware<5.5.21.1099
hp zbook 15u g5
hp zbook 15u g6 firmware<5.5.21.1099
hp zbook 15u g6
HP ZBook 17 G5 Firmware<5.5.21.1099
hp zbook 17 g5
hp zbook 17 g6 firmware<5.5.21.1099
hp zbook 17 g6
hp zbook studio g5 firmware<5.5.21.1099
HP ZBook Studio G5
hp zbook studio x360 g5 firmware<5.5.21.1099
hp zbook studio x360 g5
hp zhan 66 pro 13 g2 firmware<5.5.21.1099
hp zhan 66 pro 13 g2
hp zhan 66 pro 14 g2 firmware<5.5.21.1099
HP Zhan 66 Pro 14 G2
HP Zhan 66 Pro 15 G2 Firmware<5.5.21.1099
HP Zhan 66 Pro 15 G2 Firmware
HP Zhan X 13 G2 Firmware<5.5.21.1099
HP Zhan X 13 G2 Firmware
hp elite slice firmware<5.2.3110.26
hp elite slice
hp eliteone 1000 g1 firmware<5.2.5026.26
hp eliteone 1000 g1
hp eliteone 1000 g2 firmware<5.5.21.1099
hp eliteone 1000 g2
hp mt44 firmware<5.5.21.1099
hp mt44
hp mt45 firmware<5.5.21.1099
hp mt45
hp envy x360 firmware<5.5.26.1102
HP Envy 15 x360
hp pavilion x360 firmware<5.5.8.1116
HP Pavilion x360
hp spectre x360 firmware<5.5.26.1102
hp spectre x360

Remedy

https://support.hp.com/us-en/document/c06696474

Remedy

https://support.lenovo.com/us/en/product_security/LEN-31372

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2019-18618?

    CVE-2019-18618 has a high severity rating due to the potential for a local administrator or physical attacker to compromise the confidentiality of sensor data.

  • How do I fix CVE-2019-18618?

    To fix CVE-2019-18618, users should update the firmware of the affected Synaptics VFS75xx fingerprint sensors to versions released after November 15, 2019.

  • Who is affected by CVE-2019-18618?

    CVE-2019-18618 affects all firmware versions of Synaptics VFS75xx fingerprint sensors prior to the November 15, 2019 update.

  • What are the potential impacts of CVE-2019-18618?

    The potential impacts of CVE-2019-18618 include unauthorized access to sensitive sensor data, leading to privacy violations.

  • Is CVE-2019-18618 being actively exploited?

    As of the latest updates, there are no reports of active exploitation of CVE-2019-18618 in the wild, but it remains a serious concern.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203