CVE-2024-9157: Privilege Escalation Vulnerability in CxUIUSvc service
First published: Tue Mar 11 2025(Updated: )
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record’s reference information.
Credit: PSIRT@synaptics.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows Server 2016 | ||
| Windows 11 | =24H2 | |
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =21H2 | |
| Microsoft Windows Server 2012 R2 | ||
| Windows 11 | =23H2 | |
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows Server 2012 R2 | ||
| Microsoft Windows 10 | =21H2 | |
| Microsoft Windows 10 | =22H2 | |
| Microsoft Windows 10 | =22H2 | |
| Microsoft Windows Server 2022 | ||
| Microsoft Windows Server 2022 | ||
| Windows 11 | =24H2 | |
| Microsoft Windows Server 2008 R2 | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Windows 11 | =22H2 | |
| Windows 11 | =22H2 | |
| Microsoft Windows 10 | =21H2 | |
| Microsoft Windows Server 2008 R2 | ||
| Microsoft Windows Server 2019 | ||
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows 10 | =22H2 | |
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2025 | ||
| Windows 11 | =23H2 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server 2019 | ||
| Microsoft Windows Server 2022 23H2 | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server 2025 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows Server 2016 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-9157?
CVE-2024-9157 is classified as a privilege escalation vulnerability.
How do I fix CVE-2024-9157?
To mitigate CVE-2024-9157, ensure you are using the latest version of Synaptics audio drivers and apply all available security patches.
Who is affected by CVE-2024-9157?
CVE-2024-9157 affects users of the Synaptics audio drivers for both x64 and x86 systems.
What are the potential consequences of CVE-2024-9157?
If exploited, CVE-2024-9157 could allow a local authorized attacker to escalate privileges and execute malicious code.
Is CVE-2024-9157 still being supported?
CVE-2024-9157 may be considered unsupported since it has been assigned a status indicating limited support.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/type
- collector/msrc
- source/Microsoft
- agent/references
- agent/first-publish-date
- agent/description
- collector/msrc-cve
- agent/software-canonical-lookup
- agent/guess-ai
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/author
- agent/source
- agent/tags
- agent/event
- vendor/microsoft
- canonical/microsoft windows 10
- version/microsoft windows 10/1607
- version/microsoft windows 10/1809
- canonical/windows 11
- version/windows 11/24h2
- version/microsoft windows 10/21h2
- canonical/microsoft windows server 2012 r2
- version/windows 11/23h2
- canonical/microsoft windows server 2022
- version/microsoft windows 10/22h2
- canonical/microsoft windows server 2008 r2
- canonical/microsoft windows server
- version/windows 11/22h2
- canonical/microsoft windows server 2019
- canonical/microsoft windows server 2025
- canonical/microsoft windows server 2022 23h2
- vendor/synaptics
- canonical/microsoft windows server 2016