CVE-2024-9157
Published: 11 March 2025
Summary
CVE-2024-9157 is a high-severity Improper Access Control (CWE-284) vulnerability in Synaptics (inferred from references). Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 9.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-10 (Software Usage Restrictions).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires disabling or removing unsupported end-of-life system components like the vulnerable Synaptics audio drivers to eliminate the privilege escalation risk.
Enforces software usage restrictions via deny-all/permit-by-exception policies that prevent execution of unauthorized malicious DLLs loaded by the vulnerable services.
Mandates least privilege for processes, limiting the impact of privilege escalation by ensuring affected services run with minimal necessary privileges.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows a local attacker to load a malicious DLL into a higher-privileged process due to improper access control, directly enabling DLL Side-Loading (T1574.002) to achieve privilege escalation (T1068).
NVD Description
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is…
more
being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record’s reference information.
Deeper analysisAI
CVE-2024-9157 is a privilege escalation vulnerability in the CxUIUSvc64.exe and CxUIUSvc32.exe components of Synaptics audio drivers. It enables a local authorized attacker to load a malicious DLL into a privileged process, stemming from improper access control (CWE-284). The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and has been designated as unsupported when assigned, as the affected Synaptics audio drivers are end-of-life.
A local attacker with low-privilege authorization can exploit this vulnerability by leveraging the affected executables to load an arbitrary DLL within a higher-privileged process context. Successful exploitation grants the attacker high-impact access to confidentiality, integrity, and availability, potentially allowing full system compromise on Windows systems running the vulnerable drivers.
Synaptics' security advisory emphasizes that the product is end-of-life and recommends immediate removal to mitigate risks, with no patches available due to its unsupported status. Additional details are provided in the advisory at https://www.synaptics.com/sites/default/files/2025-03/audio-driver-security-brief-2025-03-11.pdf.
Details
- CWE(s)