CVE-2024-0454

MEDIUM

ELAN Match-on-Chip FPR - Info Disclosure

Title source: llm

Description

ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity. Version which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.

References (2)

Core 2

Core References

Not Applicable

https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy

Third Party Advisory

https://github.com/advisories/GHSA-w3jx-33qh-77f8

Scores

CVSS v3 6.0

EPSS 0.0001

EPSS Percentile 1.3%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-290

Status published

Products (2)

emc/elan_match-on-chip_fpr_solution_firmware 3.0.12011.08009

emc/elan_match-on-chip_fpr_solution_firmware 3.3.12011.08103

Published Jan 12, 2024

Tracked Since Feb 18, 2026