CVE-2024-9157 HIGH

CVE-2024-9157: Privilege Escalation Vulnerability in CxUIUSvc service

Vendor Synaptics
Product Synaptics Audio Driver
Weakness CWE-284
Published March 11, 2025
Last update March 11, 2025
View on NVD All CVEs

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

** UNSUPPORTED WHEN ASSIGNED **  A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record’s reference information.

Key dates

02Disclosure timeline

March 11, 2025 CVE published
March 11, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-34696 Cisco ASR 900 and ASR 920 Series Aggregation Services Routers Access Control List Bypass Vulnerability CVE-2024-27891 On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. CVE-2021-26559 CWE-284 Improper Access Control on Configurations Endpoint for the Stable API CVE-2015-9236 CVE-2023-3095 Improper Access Control in nilsteampassnet/teampass