CVE-2019-9730

HIGH

Synaptics Sound Device <2.29 - Privilege Escalation

Title source: llm

Description

Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an unpublished API.

Exploits (2)

nomisec WORKING POC 37 stars

by jthuraisamy · poc

https://github.com/jthuraisamy/CVE-2019-9730

View Code ZIP pw:eip

gitlab WORKING POC

by scaery · poc

https://gitlab.com/scaery/CVE-2019-9730

View Code ZIP pw:eip

References (3)

[Vendor Advisory] https://support.lenovo.com/us/en/product_security/LEN-25822

[Exploit, Third Party Advisory] https://twitter.com/Jackson_T

[Vendor Advisory] https://www.synaptics.com/company/blog/

Scores

CVSS v3 8.8

EPSS 0.0709

EPSS Percentile 91.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

Status published

Products (1)

synaptics/sound_device < 2.29

Published Jun 05, 2019

Tracked Since Feb 18, 2026