high
7.8
CWE
763
Advisory Published
Updated

CVE-2019-18619

First published: Wed Jul 22 2020(Updated: )

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Synaptics VFS75xx Firmware=5.2.225.26
Synaptics VFS75xx Firmware=5.2.318.26
Synaptics VFS75xx Firmware=5.2.524.26
Synaptics VFS75xx Firmware=5.2.3530.26
Synaptics VFS75xx Firmware=5.3.3539.26
Synaptics VFS75xx Firmware=5.5.3.1116
Synaptics VFS75xx Firmware=5.5.8.1096
Synaptics VFS75xx Firmware=5.5.10.1093
Synaptics VFS75xx Firmware=5.5.11.1106
Synaptics VFS75xx Firmware=5.5.15.1102
Synaptics VFS75xx Firmware=5.5.38.1058
Synaptics VFS75xx Firmware=5.5.2734.1050
Synaptics VFS75xx Firmware=5.5.2811.1050
Synaptics VFS75xx Firmware=5.6.23.1000
Synaptics VFS75xx Firmware=6.0.14.1108
Synaptics VFS75xx Firmware=6.0.32.1104
Synaptics VFS75xx Firmware=6.0.42.1107
Synaptics VFS75xx Firmware
Lenovo ThinkPad T25 Firmware<5.2.3540.26
Lenovo ThinkPad 25 Firmware
Lenovo ThinkPad A475 Firmware<5.02.3539.0026
Lenovo ThinkPad A475 Firmware
Lenovo ThinkPad A485 Firmware<5.03.3542.0026
Lenovo ThinkPad A485 Firmware
Lenovo ThinkPad E480<5.2.321.26
Lenovo ThinkPad E480
Lenovo ThinkPad E580 Firmware<5.2.321.26
Lenovo Thinkpad E580
Lenovo ThinkPad E485 Firmware<5.2.321.26
Lenovo ThinkPad E485
Lenovo ThinkPad E585 Firmware<5.2.321.26
Lenovo ThinkPad E585 Firmware
Lenovo ThinkPad E490s Firmware<5.2.321.26
Lenovo ThinkPad E490s Firmware
Lenovo ThinkPad S3 3rd Gen Firmware<5.2.321.26
Lenovo ThinkPad S3 Firmware
Lenovo ThinkPad E490 Firmware<5.2.321.26
Lenovo ThinkPad E490
Lenovo ThinkPad E590 Firmware<5.2.321.26
Lenovo ThinkPad E590
Lenovo ThinkPad R490 Firmware<5.2.321.26
Lenovo ThinkPad R490 Firmware
Lenovo ThinkPad R590 Firmware<5.2.321.26
Lenovo ThinkPad R590 Firmware
Lenovo ThinkPad L480 Firmware<5.3.3542.26
Lenovo ThinkPad L480
Lenovo ThinkPad L580 Firmware<5.3.3542.26
Lenovo ThinkPad L580 Firmware
Lenovo ThinkPad P1 Firmware<5.3.3542.26
Lenovo ThinkPad P1 Firmware
Lenovo ThinkPad P1 Firmware<6.0.36.1105
Lenovo Thinkpad P1 Gen 2
Lenovo ThinkPad X1 Extreme 2nd Gen Firmware<6.0.36.1105
Lenovo ThinkPad X1 Extreme (2nd Gen)
Lenovo ThinkPad P43s Firmware<6.0.36.1105
Lenovo Thinkpad P43s Firmware
Lenovo ThinkPad P50s Firmware<5.1.338.26
Lenovo ThinkPad P50 Firmware
Lenovo ThinkPad P51 Firmware<5.2.3540.26
Lenovo ThinkPad P51
Lenovo ThinkPad P51s Firmware<5.2.3540.26
Lenovo ThinkPad P51s (20JX)
Lenovo ThinkPad P51s Firmware<5.2.3540.26
Lenovo ThinkPad P51s
Lenovo ThinkPad P51s (20HX) Firmware<5.2.3540.26
Lenovo ThinkPad P51s
Lenovo ThinkPad P52 Firmware<5.2.3540.26
Lenovo ThinkPad P52
Lenovo ThinkPad P52s Firmware<5.3.3542.26
Lenovo ThinkPad P52s Firmware
Lenovo ThinkPad P53 Firmware<6.0.36.1105
Lenovo ThinkPad P53s
Lenovo ThinkPad P53s Firmware<6.0.36.1105
Lenovo ThinkPad P53s Firmware
Lenovo ThinkPad P70 Firmware<5.1.338.26
Lenovo ThinkPad P70 BIOS
Lenovo ThinkPad P71 Firmware<5.2.3540.26
Lenovo ThinkPad P71
Lenovo ThinkPad P72 Firmware<5.3.3542.26
Lenovo ThinkPad P72 Firmware
Lenovo ThinkPad P73 Firmware<5.3.3542.26
Lenovo ThinkPad P73
Lenovo ThinkPad T25 Firmware<5.2.3540.26
Lenovo ThinkPad T25 (20K7)
Lenovo ThinkPad T460p Firmware<5.1.338.26
Lenovo ThinkPad T460p BIOS
Lenovo ThinkPad T460s Firmware<5.1.338.26
Lenovo ThinkPad T460s Firmware
Lenovo ThinkPad T470 (20HX) Firmware<5.2.3540.26
Lenovo ThinkPad T470 (20HX)
Lenovo ThinkPad T470 (20JX) Firmware<5.2.3540.26
Lenovo ThinkPad T470 (20JX)
Lenovo ThinkPad T470p firmware<5.2.3540.26
Lenovo ThinkPad T470p firmware
Lenovo ThinkPad T470s (20HX) Firmware<5.2.3540.26
Lenovo ThinkPad T470s
Lenovo ThinkPad T470s (20JX) Firmware<5.2.3540.26
Lenovo ThinkPad T470s (20JX)
Lenovo ThinkPad T480 Firmware<5.3.3542.26
Lenovo ThinkPad T480
Lenovo ThinkPad T480s Firmware<5.3.3542.26
Lenovo ThinkPad T480s Firmware
Lenovo ThinkPad T490 Firmware<6.0.36.1105
Lenovo ThinkPad T490 (20QX)
Lenovo ThinkPad T490s Firmware<6.0.36.1105
Lenovo ThinkPad T490s Firmware
Lenovo ThinkPad T570 (20HX) Firmware<5.2.3540.26
Lenovo ThinkPad T570
Lenovo ThinkPad T570 (20JX) Firmware<5.2.3540.26
Lenovo ThinkPad T570
Lenovo ThinkPad T580 Firmware<5.3.3542.26
Lenovo ThinkPad T580
Lenovo ThinkPad T590 Firmware<6.0.36.1105
Lenovo ThinkPad T590
Lenovo ThinkPad X1 Carbon Firmware<5.2.3540.26
Lenovo ThinkPad X1 Carbon
Lenovo ThinkPad X1 Carbon (20KX) Firmware<5.3.3542.26
Lenovo ThinkPad X1 Carbon
Lenovo ThinkPad X1 Carbon Firmware<5.1.338.26
Lenovo ThinkPad X1 Carbon
Lenovo ThinkPad X1 Yoga 4th Gen<5.1.338.26
Lenovo ThinkPad X1 Yoga
Lenovo ThinkPad X1 Extreme 2nd Gen Firmware<5.3.3542.26
Lenovo ThinkPad X1 Extreme (2nd Gen)
Lenovo ThinkPad X1 Tablet Firmware<5.5.40.1058
Lenovo ThinkPad X1 Tablet
Lenovo ThinkPad X1 Tablet Firmware<5.2.227.26
lenovo thinkpad x1 tablet
Lenovo ThinkPad X1 Yoga (20SX) Firmware<5.1.338.26
Lenovo ThinkPad X1 Yoga
Lenovo ThinkPad X1 Yoga Firmware<5.2.3540.26
Lenovo ThinkPad X1 Yoga (20JX)
Lenovo ThinkPad X1 Yoga Gen 3 Firmware<5.3.3542.26
Lenovo ThinkPad X1 Yoga
Lenovo ThinkPad x270 firmware<5.2.3540.26
Lenovo ThinkPad X270
Lenovo ThinkPad X280 Firmware<5.3.3542.26
Lenovo ThinkPad X280 Firmware
Lenovo ThinkPad x380 Yoga Firmware<5.3.3542.26
Lenovo ThinkPad X380 Yoga
Lenovo ThinkPad X390 Firmware<6.0.36.1105
Lenovo ThinkPad X390 Yoga
Lenovo ThinkPad X390 Yoga Firmware<6.0.36.1105
Lenovo ThinkPad X390 Yoga Firmware
Lenovo ThinkPad Yoga 370 Firmware<5.2.3540.26
Lenovo ThinkPad Yoga 370 Firmware
Lenovo ThinkPad S1 Firmware<5.2.3540.26
Lenovo ThinkPad S1
Lenovo ThinkPad Yoga 260 S1 Firmware<5.1.338.26
Lenovo ThinkPad Yoga 260 Firmware
Lenovo ThinkPad S1 Yoga Firmware<5.1.338.26
Lenovo ThinkPad S1 Yoga
Lenovo ThinkPad A275 Firmware<5.2.3535.26
Lenovo ThinkPad A275 Firmware
HP Envy 13t-ah100 Firmware<5.5.11.1093
HP Envy 13t-ah100
HP Envy 13t-aq100 Firmware<6.0.39.1111
HP Envy 13t-aq100
HP Envy Laptop 13-ah0xxx<5.5.11.1093
HP Envy 13
HP Envy Firmware<5.5.11.1093
HP Envy 13-ah1xxx Firmware
HP Envy 13-aq0xxx<6.0.39.1111
HP Envy 13
HP Envy 13-aq1xxx<6.0.39.1111
HP Envy 13t-aq100 Firmware
HP Envy - 17t-bw000 Firmware<5.5.11.1093
HP Envy 17
HP Envy 17t-ce000 Firmware<6.0.39.1111
HP Envy 17t-ce000
HP Envy 17t-ce100 Firmware<6.0.39.1111
HP Envy 17t-ce100 Firmware
HP Envy - 17t-bw000 Firmware<5.5.11.1093
hp envy 17-bw0xxx firmware
HP Envy 17-ce0xxx Firmware<6.0.39.1111
HP Envy 17
HP Envy 17t-ce000 Firmware<6.0.39.1111
HP Envy 17
HP Envy 17m-bw0xxx Firmware<5.5.11.1093
HP Envy 17
HP Envy 17-ce0xxx Firmware<6.0.39.1111
HP Envy 17
HP Envy 17m-ce1xxx Firmware<6.0.39.1111
HP Envy 17
HP Envy x360 Firmware<5.5.11.1093
HP Envy x360 Firmware
HP Envy x360 - 15t-dr000 (Validity FPS) Firmware<6.0.39.1111
HP Envy 15 x360
hp envy x360 - 15t-dr000 (validity fps) firmware<5.5.26.1102
HP Envy x360 - 15t-dr000 (Validity FPS)
HP Envy x360 - 15t-dr100 (Validity FPS)<6.0.39.1111
HP Envy x360 Firmware
HP Envy x360 - 15t-dr100 (Validity FPS) Firmware<5.5.26.1102
HP Envy x360 - 15t-dr100 (Validity FPS)
HP Envy 15-cn0xxx x360 Firmware<5.5.11.1093
HP Envy x360 15-cn0xxx
HP Envy x360 Firmware<5.5.11.1093
HP Envy x360 15-cn1xxx
hp envy 15-dr0xxx x360 (validity fps) firmware<6.0.39.1111
HP Envy x360
hp envy 15-dr0xxx x360 (validity fps) firmware<5.5.26.1102
HP Envy 15 (x360)
HP Envy 15-dr1xxx x360 (Validity FPS)<6.0.39.1111
HP Envy 15-dr1xxx x360 firmware
HP Envy 15-dr1xxx x360 (Validity FPS) Firmware<5.5.26.1102
HP Envy 15-dr1xxx x360 (Validity FPS)
hp envy 15-cn0xxx x360 firmware<5.5.11.1093
HP Envy 15-cn0xxx x360
HP Envy 15m-dr0xxx x360<6.0.39.1111
HP Envy 15-dr0xxx x360
hp envy 15m-dr0xxx x360 (validity fps) firmware<5.5.26.1102
HP Envy 15m-dr0xxx x360 (Validity FPS)
HP Envy x360 Firmware<6.0.39.1111
HP Envy 15m-dr1xxx x360 (Validity FPS)
HP Envy 15m-dr1xxx x360 (Validity FPS) Firmware<5.5.26.1102
HP Envy 15m-dr1xxx x360 (Validity FPS)
HP Pavilion x360 14-dh0xxx Firmware<5.5.11.1093
hp pavilion x360 - 14t-cd000 firmware
HP Pavilion x360 - 15t-dq000<5.5.8.1116
HP Pavilion x360 - 15t-dq000 Firmware
HP Pavilion x360 - 15t-dq100<5.5.8.1116
HP Pavilion x360
HP Pavilion x360 14t-cd100<5.5.11.1093
HP Pavilion x360
HP Pavilion x360 14t-dh000 Firmware<5.5.8.1116
HP Pavilion x360 14t-dh000 Firmware
HP Pavilion 14-cd1xxx x360<5.5.11.1093
HP Pavilion x360 14-cd1xxx
HP Pavilion 14-cd2xxx x360 firmware<5.5.11.1093
HP Pavilion 14-cd2xxx x360 firmware
HP Pavilion x360 14-dh0xxx Firmware<5.5.8.1116
HP Pavilion 14-dh0xxx x360 Firmware
HP Pavilion x360 14m-cd0xxx Firmware<5.5.11.1093
HP Pavilion x360 14m-cd0xxx Firmware
HP Pavilion x360 14m-dh0xxx<5.5.8.1116
HP Pavilion x360 14m-dh0xxx
HP Pavilion 15 Firmware<5.5.8.1116
HP Pavilion 15 Firmware
HP Spectre x360 Firmware<5.5.26.1102
HP Spectre x360 16-f0xxx

Remedy

https://support.hp.com/hk-en/document/c06696568

Remedy

https://support.lenovo.com/us/en/product_security/LEN-31372

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2019-18619?

    CVE-2019-18619 is classified as a high severity vulnerability due to its potential to allow the execution of arbitrary code within an SGX enclave.

  • How do I fix CVE-2019-18619?

    To remediate CVE-2019-18619, update all affected Synaptics WBF drivers to versions released after November 15, 2019.

  • What causes CVE-2019-18619?

    CVE-2019-18619 is caused by incorrect parameter validation in the synaTee component of Synaptics WBF drivers.

  • Who is affected by CVE-2019-18619?

    CVE-2019-18619 affects local users utilizing vulnerable versions of Synaptics WBF drivers that utilize an SGX enclave.

  • What type of vulnerability is CVE-2019-18619?

    CVE-2019-18619 is a local privilege escalation vulnerability that allows unauthorized code execution.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203