CVE-2024-9157: Privilege Escalation Vulnerability in CxUIUSvc service

7.8 CVSS

Description

** UNSUPPORTED WHEN ASSIGNED ** 

A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process.

Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record’s reference information.

Classification

CVE ID: CVE-2024-9157

CVSS Base Severity: HIGH

CVSS Base Score: 7.8

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-284 Improper Access Control

Affected Products

Vendor: Synaptics

Product: Synaptics Audio Driver

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 0.86% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-09 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-9157
https://www.synaptics.com/sites/default/files/2025-03/audio-driver-security-brief-2025-03-11.pdf

Timeline