medium
6
Advisory Published
Updated

CVE-2019-18618

First published: Wed Jul 22 2020(Updated: )

Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Synaptics VFS75xx Firmware=5.1.5.51
Synaptics VFS75xx Firmware=5.1.337.26
Synaptics VFS75xx Firmware=5.1.3507.26
Synaptics VFS75xx Firmware=5.2.320.26
Synaptics VFS75xx Firmware=5.2.524.26
Synaptics VFS75xx Firmware=5.2.3109.26
Synaptics VFS75xx Firmware=5.2.3530.26
Synaptics VFS75xx Firmware=5.2.5024.26
Synaptics VFS75xx Firmware=5.3.3541.26
Synaptics VFS75xx Firmware=5.5.4.1116
Synaptics VFS75xx Firmware=5.5.8.1092
Synaptics VFS75xx Firmware=5.5.10.1100
Synaptics VFS75xx Firmware=5.5.10.1106
Synaptics VFS75xx Firmware=5.5.17.1099
Synaptics VFS75xx Firmware=5.5.17.1102
Synaptics VFS75xx Firmware=5.5.35.1058
Synaptics VFS75xx Firmware=5.5.502.79
Synaptics VFS75xx Firmware=5.5.512.1051
Synaptics VFS75xx Firmware=5.5.2734.1050
Synaptics VFS75xx Firmware=5.5.2810.1050
Synaptics VFS75xx Firmware
Lenovo ThinkPad T25 Firmware<5.2.3540.26
Lenovo ThinkPad 25 Firmware
Lenovo ThinkPad A475 Firmware<5.02.3539.0026
Lenovo ThinkPad A475 Firmware
Lenovo ThinkPad A485 Firmware<5.03.3542.0026
Lenovo ThinkPad A485 Firmware
Lenovo ThinkPad E480<5.2.321.26
Lenovo ThinkPad E480
Lenovo ThinkPad E580 Firmware<5.2.321.26
Lenovo Thinkpad E580
Lenovo ThinkPad E485 Firmware<5.2.321.26
Lenovo ThinkPad E485
Lenovo ThinkPad E585 Firmware<5.2.321.26
Lenovo ThinkPad E585 Firmware
Lenovo ThinkPad E490s Firmware<5.2.321.26
Lenovo ThinkPad E490s Firmware
Lenovo ThinkPad S3 3rd Gen Firmware<5.2.321.26
Lenovo ThinkPad S3 Firmware
Lenovo ThinkPad E490 Firmware<5.2.321.26
Lenovo ThinkPad E490
Lenovo ThinkPad E590 Firmware<5.2.321.26
Lenovo ThinkPad E590
Lenovo ThinkPad R490 Firmware<5.2.321.26
Lenovo ThinkPad R490 Firmware
Lenovo ThinkPad R590 Firmware<5.2.321.26
Lenovo ThinkPad R590 Firmware
Lenovo ThinkPad L480 Firmware<5.3.3542.26
Lenovo ThinkPad L480
Lenovo ThinkPad L580 Firmware<5.3.3542.26
Lenovo ThinkPad L580 Firmware
Lenovo ThinkPad P1 Firmware<5.3.3542.26
Lenovo ThinkPad P1 Firmware
Lenovo ThinkPad P1 Firmware<6.0.36.1105
Lenovo Thinkpad P1 Gen 2
Lenovo ThinkPad X1 Extreme 2nd Gen Firmware<6.0.36.1105
Lenovo ThinkPad X1 Extreme (2nd Gen)
Lenovo ThinkPad P43s Firmware<6.0.36.1105
Lenovo Thinkpad P43s Firmware
Lenovo ThinkPad P50s Firmware<5.1.338.26
Lenovo ThinkPad P50 Firmware
Lenovo ThinkPad P51 Firmware<5.2.3540.26
Lenovo ThinkPad P51
Lenovo ThinkPad P51s Firmware<5.2.3540.26
Lenovo ThinkPad P51s (20JX)
Lenovo ThinkPad P51s Firmware<5.2.3540.26
Lenovo ThinkPad P51s
Lenovo ThinkPad P51s (20HX) Firmware<5.2.3540.26
Lenovo ThinkPad P51s
Lenovo ThinkPad P52 Firmware<5.2.3540.26
Lenovo ThinkPad P52
Lenovo ThinkPad P52s Firmware<5.3.3542.26
Lenovo ThinkPad P52s Firmware
Lenovo ThinkPad P53 Firmware<6.0.36.1105
Lenovo ThinkPad P53s
Lenovo ThinkPad P53s Firmware<6.0.36.1105
Lenovo ThinkPad P53s Firmware
Lenovo ThinkPad P70 Firmware<5.1.338.26
Lenovo ThinkPad P70 BIOS
Lenovo ThinkPad P71 Firmware<5.2.3540.26
Lenovo ThinkPad P71
Lenovo ThinkPad P72 Firmware<5.3.3542.26
Lenovo ThinkPad P72 Firmware
Lenovo ThinkPad P73 Firmware<5.3.3542.26
Lenovo ThinkPad P73
Lenovo ThinkPad T25 Firmware<5.2.3540.26
Lenovo ThinkPad T25 (20K7)
Lenovo ThinkPad T460p Firmware<5.1.338.26
Lenovo ThinkPad T460p BIOS
Lenovo ThinkPad T460s Firmware<5.1.338.26
Lenovo ThinkPad T460s Firmware
Lenovo ThinkPad T470 (20HX) Firmware<5.2.3540.26
Lenovo ThinkPad T470 (20HX)
Lenovo ThinkPad T470 (20JX) Firmware<5.2.3540.26
Lenovo ThinkPad T470 (20JX)
Lenovo ThinkPad T470p firmware<5.2.3540.26
Lenovo ThinkPad T470p firmware
Lenovo ThinkPad T470s (20HX) Firmware<5.2.3540.26
Lenovo ThinkPad T470s
Lenovo ThinkPad T470s (20JX) Firmware<5.2.3540.26
Lenovo ThinkPad T470s (20JX)
Lenovo ThinkPad T480 Firmware<5.3.3542.26
Lenovo ThinkPad T480
Lenovo ThinkPad T480s Firmware<5.3.3542.26
Lenovo ThinkPad T480s Firmware
Lenovo ThinkPad T490 Firmware<6.0.36.1105
Lenovo ThinkPad T490 (20QX)
Lenovo ThinkPad T490s Firmware<6.0.36.1105
Lenovo ThinkPad T490s Firmware
Lenovo ThinkPad T570 (20HX) Firmware<5.2.3540.26
Lenovo ThinkPad T570
Lenovo ThinkPad T570 (20JX) Firmware<5.2.3540.26
Lenovo ThinkPad T570
Lenovo ThinkPad T580 Firmware<5.3.3542.26
Lenovo ThinkPad T580
Lenovo ThinkPad T590 Firmware<6.0.36.1105
Lenovo ThinkPad T590
Lenovo ThinkPad X1 Carbon Firmware<5.2.3540.26
Lenovo ThinkPad X1 Carbon
Lenovo ThinkPad X1 Carbon (20KX) Firmware<5.3.3542.26
Lenovo ThinkPad X1 Carbon
Lenovo ThinkPad X1 Carbon Firmware<5.1.338.26
Lenovo ThinkPad X1 Carbon
Lenovo ThinkPad X1 Yoga 4th Gen<5.1.338.26
Lenovo ThinkPad X1 Yoga
Lenovo ThinkPad X1 Extreme 2nd Gen Firmware<5.3.3542.26
Lenovo ThinkPad X1 Extreme (2nd Gen)
Lenovo ThinkPad X1 Tablet Firmware<5.5.40.1058
Lenovo ThinkPad X1 Tablet
Lenovo ThinkPad X1 Tablet Firmware<5.2.227.26
lenovo thinkpad x1 tablet
Lenovo ThinkPad X1 Yoga (20SX) Firmware<5.1.338.26
Lenovo ThinkPad X1 Yoga
Lenovo ThinkPad X1 Yoga Firmware<5.2.3540.26
Lenovo ThinkPad X1 Yoga (20JX)
Lenovo ThinkPad X1 Yoga Gen 3 Firmware<5.3.3542.26
Lenovo ThinkPad X1 Yoga
Lenovo ThinkPad x270 firmware<5.2.3540.26
Lenovo ThinkPad X270
Lenovo ThinkPad X280 Firmware<5.3.3542.26
Lenovo ThinkPad X280 Firmware
Lenovo ThinkPad x380 Yoga Firmware<5.3.3542.26
Lenovo ThinkPad X380 Yoga
Lenovo ThinkPad X390 Firmware<6.0.36.1105
Lenovo ThinkPad X390 Yoga
Lenovo ThinkPad X390 Yoga Firmware<6.0.36.1105
Lenovo ThinkPad X390 Yoga Firmware
Lenovo ThinkPad Yoga 370 Firmware<5.2.3540.26
Lenovo ThinkPad Yoga 370 Firmware
Lenovo ThinkPad S1 Firmware<5.2.3540.26
Lenovo ThinkPad S1
Lenovo ThinkPad Yoga 260 S1 Firmware<5.1.338.26
Lenovo ThinkPad Yoga 260 Firmware
Lenovo ThinkPad S1 Yoga Firmware<5.1.338.26
Lenovo ThinkPad S1 Yoga
Lenovo ThinkPad A275 Firmware<5.2.3535.26
Lenovo ThinkPad A275 Firmware
HP Elite x2 1012 G2 Firmware<5.2.5026.26
HP Elite x2 1012 G2 Firmware
HP Elite x2 1013 G3<5.5.21.1099
HP Elite x2 1013 G3 Firmware
HP Elite x2 G4<5.5.21.1099
HP Elite x2 G4 Firmware
HP EliteBook 1040 G4<5.2.5026.26
HP EliteBook 1040 G4 Firmware
HP EliteBook 1050 G1 Firmware<5.5.21.1099
HP EliteBook 1050 G1
HP EliteBook 735 G5<5.5.21.1099
HP EliteBook 735 G5
HP EliteBook 735 G6<5.5.21.1099
HP EliteBook 735 G6 Firmware
HP EliteBook 745 G5 Firmware<5.5.21.1099
HP EliteBook 745 G5 Firmware
HP EliteBook 745 G6 Firmware<5.5.21.1099
HP EliteBook 745 G6
HP EliteBook 755 G5 Firmware<5.5.21.1099
HP EliteBook 755 G5 Firmware
HP EliteBook 830 G5 Firmware<5.5.21.1099
HP EliteBook 830 G5 Firmware
HP EliteBook x360 830 G6 Firmware<5.5.21.1099
HP EliteBook 830 G6 Firmware
HP EliteBook 836 G5<5.5.21.1099
HP EliteBook 836 G5 Firmware
HP EliteBook 836 G6 Firmware<5.5.21.1099
HP EliteBook 836 G6 Firmware
HP EliteBook 840 G5 Healthcare Edition Firmware<5.5.21.1099
HP EliteBook 840 G5 Healthcare Edition
HP EliteBook 840 G5 Healthcare Edition<5.5.21.1099
HP EliteBook 840 G5 Healthcare Edition Firmware
HP EliteBook 840 G6 Firmware<5.5.21.1099
HP EliteBook 840 G6 Firmware
HP EliteBook 840 G6 Healthcare Edition Firmware<5.5.21.1099
HP EliteBook 840 G6 Healthcare Edition Firmware
HP EliteBook 846 G5<5.5.21.1099
HP EliteBook 846 G5 Healthcare Edition
HP EliteBook 846 G5 Healthcare Edition Firmware<5.5.21.1099
HP EliteBook 846 G5 Healthcare Edition Firmware
HP EliteBook 846 G6 Firmware<5.5.21.1099
HP EliteBook 846 G6 Firmware
HP EliteBook 846 G6 Healthcare Edition Firmware<5.5.21.1099
HP EliteBook 846 G6 Healthcare Edition Firmware
HP EliteBook 850 G5 Firmware<5.5.21.1099
HP EliteBook 850 G5 Firmware
HP EliteBook 850 G6 Firmware<5.5.21.1099
HP EliteBook 850 G6 Firmware
HP EliteBook x360 1020 G2<5.2.5026.26
HP EliteBook x360 1020 G2
HP EliteBook x360 1030 G2 Firmware<5.2.5026.26
HP EliteBook x360 1030 G2 Firmware
HP EliteBook x360 1030 G3 Firmware<5.5.21.1099
HP EliteBook x360 1030 G3 Firmware
HP EliteBook x360 1030 G4<5.5.21.1099
HP EliteBook x360 1030 G4 Firmware
HP EliteBook x360 1040 G5<5.5.21.1099
HP EliteBook x360 1040 G5 Firmware
HP EliteBook x360 1040 G6<5.5.21.1099
HP EliteBook x360 1040 G6
HP EliteBook x360 830 G5 Firmware<5.5.21.1099
HP EliteBook x360 830 G5 Firmware
HP EliteBook x360 830 G6 Firmware<5.5.21.1099
HP EliteBook x360 830 G6 Firmware
HP Pro x2 612 G2 Firmware<5.2.5026.26
HP Pro x2 612 G2 Firmware
HP ProBook 430 G6<5.5.21.1099
HP ProBook 430 G6 Firmware
HP ProBook 440 G6<5.5.21.1099
HP ProBook 440 G6 Firmware
HP ProBook 445R G6<5.5.21.1099
HP ProBook 445R G6
HP ProBook 445R G6<5.5.21.1099
HP ProBook 445 G6 Firmware
HP ProBook 450 G6 Firmware<5.5.21.1099
HP ProBook 450 G6 Firmware
HP ProBook 455 G6 Firmware<5.5.21.1099
HP ProBook 455 G6 Firmware
HP ProBook 455r G6 Firmware<5.5.21.1099
HP ProBook 455r G6 Firmware
HP ProBook 640 G5<5.5.21.1099
HP ProBook 640 G5 Firmware
HP ProBook 650 G5 Firmware<5.5.21.1099
HP ProBook 650 G5 Firmware
HP ZBook 14u G5 Firmware<5.5.21.1099
HP ZBook 14u G5 Firmware
HP ZBook 14u G6 Firmware<5.5.21.1099
HP ZBook 14u G6 Mobile Workstation
HP ZBook 15 G5<5.5.21.1099
HP ZBook 15 G5 Firmware
HP ZBook 15u G6 Firmware<5.5.21.1099
HP ZBook 15 G6
HP ZBook 15u G5<5.5.21.1099
HP ZBook 15u G5 Firmware
HP ZBook 15u G6 Firmware<5.5.21.1099
HP ZBook 15u G6 Firmware
HP ZBook 17 G5 Firmware<5.5.21.1099
HP ZBook 17
HP ZBook 17 G6<5.5.21.1099
HP ZBook 17 G6 Firmware
HP ZBook Studio G5<5.5.21.1099
HP ZBook Studio G5
HP ZBook Studio x360 G5 Firmware<5.5.21.1099
HP ZBook Studio x360 G5 Firmware
HP Zhan 66 Pro 13 G2<5.5.21.1099
HP Zhan 66 Pro 13 G2 Firmware
HP Zhan 66 Pro 14 G2 Firmware<5.5.21.1099
HP Zhan 66 Pro 14 G2 Firmware
HP Zhan 66 Pro 15 G2<5.5.21.1099
HP Zhan 66 Pro 15 G2
HP Zhan X 13 G2 Firmware<5.5.21.1099
HP Zhan X 13 G2 Firmware
HP Elite Slice Firmware<5.2.3110.26
HP Elite Slice Firmware
HP EliteOne 1000 G1<5.2.5026.26
HP EliteOne 1000 G1 Firmware
HP EliteOne 1000 G2<5.5.21.1099
HP ElitePad 1000 G2
HP MT44<5.5.21.1099
HP MT44 Firmware
HP mt45 firmware<5.5.21.1099
HP MT45 Mobile Thin Client
HP Envy x360 Firmware<5.5.26.1102
HP Envy x360 Firmware
HP Pavilion x360<5.5.8.1116
HP Pavilion x360
HP Spectre x360 Firmware<5.5.26.1102
HP Spectre x360 16-f0xxx

Remedy

https://support.hp.com/us-en/document/c06696474

Remedy

https://support.lenovo.com/us/en/product_security/LEN-31372

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2019-18618?

    CVE-2019-18618 has a high severity rating due to the potential for a local administrator or physical attacker to compromise the confidentiality of sensor data.

  • How do I fix CVE-2019-18618?

    To fix CVE-2019-18618, users should update the firmware of the affected Synaptics VFS75xx fingerprint sensors to versions released after November 15, 2019.

  • Who is affected by CVE-2019-18618?

    CVE-2019-18618 affects all firmware versions of Synaptics VFS75xx fingerprint sensors prior to the November 15, 2019 update.

  • What are the potential impacts of CVE-2019-18618?

    The potential impacts of CVE-2019-18618 include unauthorized access to sensitive sensor data, leading to privacy violations.

  • Is CVE-2019-18618 being actively exploited?

    As of the latest updates, there are no reports of active exploitation of CVE-2019-18618 in the wild, but it remains a serious concern.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203