CVE-2024-9157
Published: 11 March 2025
Summary
CVE-2024-9157 is a high-severity Improper Access Control (CWE-284) vulnerability in Synaptics (inferred from references). Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 9.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-10 (Software Usage Restrictions).
Deeper analysis
CVE-2024-9157 is a privilege escalation vulnerability in the CxUIUSvc64.exe and CxUIUSvc32.exe components of Synaptics audio drivers. It enables a local authorized attacker to load a malicious DLL into a privileged process, stemming from improper access control (CWE-284). The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and has been designated as unsupported when assigned, as the affected Synaptics audio drivers are end-of-life.
A local attacker with low-privilege authorization can exploit this vulnerability by leveraging the affected executables to load an arbitrary DLL within a higher-privileged process context. Successful exploitation grants the attacker high-impact access to confidentiality, integrity, and availability, potentially allowing full system compromise on Windows systems running the vulnerable drivers.
Synaptics' security advisory emphasizes that the product is end-of-life and recommends immediate removal to mitigate risks, with no patches available due to its unsupported status. Additional details are provided in the advisory at https://www.synaptics.com/sites/default/files/2025-03/audio-driver-security-brief-2025-03-11.pdf.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-54125
Vulnerability details
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is…
more
being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record’s reference information.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows a local attacker to load a malicious DLL into a higher-privileged process due to improper access control, directly enabling DLL Side-Loading (T1574.002) to achieve privilege escalation (T1068).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires disabling or removing unsupported end-of-life system components like the vulnerable Synaptics audio drivers to eliminate the privilege escalation risk.
Enforces software usage restrictions via deny-all/permit-by-exception policies that prevent execution of unauthorized malicious DLLs loaded by the vulnerable services.
Mandates least privilege for processes, limiting the impact of privilege escalation by ensuring affected services run with minimal necessary privileges.