CVE-2018-16098

HIGH

Lenovo Synaptics ThinkPad UltraNav Driver - Unquoted Search Path

Title source: llm

Description

In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.

References (2)

Core 2

Core References

Patch, Vendor Advisory

https://support.lenovo.com/bg/en/product_security/len-24573

Broken Link x_refsource_confirm

https://support.lenovo.com/us/en/solutions/LEN-24573

Scores

CVSS v3 7.8

EPSS 0.0006

EPSS Percentile 17.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-428

Status published

Products (50)

lenovo/synaptics_thinkpad_ultranav_driver 18.0.7.119

lenovo/synaptics_thinkpad_ultranav_driver 19.5.19.33

lenovo/synaptics_thinkpad_ultranav_driver 19.0.17.140

lenovo/synaptics_thinkpad_ultranav_driver 19.3.4.219

lenovo/synaptics_thinkpad_ultranav_driver 16.2.19.23

lenovo/synaptics_thinkpad_ultranav_driver 18.1.27.42

lenovo/thiankpad_l430_firmware

lenovo/thiankpad_l530_firmware

lenovo/thiankpad_p1_firmware

lenovo/thiankpad_p50s_firmware

... and 40 more

Published Jan 24, 2019

Tracked Since Feb 18, 2026