CVE-2021-3675: synaTEE.signed.dll Out-Of-Bounds Heap Write

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-3675

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

synaTEE.signed.dll Out-Of-Bounds Heap Write

Source: NVD (National Vulnerability Database)

Vulnerability Description

Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

输入验证不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

Synaptics Fingerprint Driver 缓冲区错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Synaptics Fingerprint Driver是美国Synaptics公司的一种区域触摸和滑动指纹驱动程序。 Synaptics Fingerprint Driver 存在缓冲区错误漏洞，该漏洞源于允许本地攻击者向驱动程序的 SGX Enclave 发送精心制作的命令以覆盖堆内存，从而在释放内存时导致崩溃，并导致潜在的机密性损失，以下产品和版本受到影响：Synaptics Fingerprint Driver 5.1.xxx.26系列 xxx为340 之前的版本；5.2.xxxx.26系列xxx

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Synaptics	Synaptics Fingerprint Driver	5.1.xxx.26 ~ xxx=340	-

II. Public POCs for CVE-2021-3675

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-3675

Please Login to view more intelligence information

https://synaptics.com/sites/default/files/2022-06/fingerprint-driver-SGX-security-brief-2022-06-14.pdfx_refsource_CONFIRM
https://support.lenovo.com/us/en/product_security/LEN-68054x_refsource_MISC
https://support.hp.com/us-en/document/ish_6411153-6411191-16/hpsbhf03797x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2021-3675

IV. Related Vulnerabilities

Same product: Synaptics Fingerprint Driver

Same vendor: Synaptics

Same weakness: CWE-20

V. Comments for CVE-2021-3675

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2021-3675

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-3675

III. Intelligence Information for CVE-2021-3675

IV. Related Vulnerabilities

V. Comments for CVE-2021-3675

Leave a comment