CVE-2024-0454

MEDIUM

ELAN Match-on-Chip FPR - Info Disclosure

Title source: llm

Description

ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity. Version which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.

References (2)

[Not Applicable] https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy

[Third Party Advisory] https://github.com/advisories/GHSA-w3jx-33qh-77f8

Scores

CVSS v3 6.0

EPSS 0.0001

EPSS Percentile 1.2%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

Classification

CWE

CWE-290

Status published

Affected Products (2)

emc/elan_match-on-chip_fpr_solution_firmware

Timeline

Published Jan 12, 2024

Tracked Since Feb 18, 2026