Cyber Resilience

CVE-2024-9157

HighLPE

Published: 11 March 2025

Published
11 March 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0003 9.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-9157 is a high-severity Improper Access Control (CWE-284) vulnerability in Synaptics (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 9.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-10 (Software Usage Restrictions).

Deeper analysis

CVE-2024-9157 is a privilege escalation vulnerability in the CxUIUSvc64.exe and CxUIUSvc32.exe components of Synaptics audio drivers. It enables a local authorized attacker to load a malicious DLL into a privileged process, stemming from improper access control (CWE-284). The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and has been designated as unsupported when assigned, as the affected Synaptics audio drivers are end-of-life.

A local attacker with low-privilege authorization can exploit this vulnerability by leveraging the affected executables to load an arbitrary DLL within a higher-privileged process context. Successful exploitation grants the attacker high-impact access to confidentiality, integrity, and availability, potentially allowing full system compromise on Windows systems running the vulnerable drivers.

Synaptics' security advisory emphasizes that the product is end-of-life and recommends immediate removal to mitigate risks, with no patches available due to its unsupported status. Additional details are provided in the advisory at https://www.synaptics.com/sites/default/files/2025-03/audio-driver-security-brief-2025-03-11.pdf.

EU & UK References

Vulnerability details

** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is…

more

being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record’s reference information.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1574.001 DLL Stealth
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
Why these techniques?

The vulnerability allows a local attacker to load a malicious DLL into a higher-privileged process due to improper access control, directly enabling DLL Side-Loading (T1574.002) to achieve privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-48898Shared CWE-284
CVE-2026-25176Shared CWE-284
CVE-2026-48899Shared CWE-284
CVE-2026-37526Shared CWE-284
CVE-2024-56883Shared CWE-284
CVE-2026-42823Shared CWE-284
CVE-2026-0844Shared CWE-284
CVE-2026-41086Shared CWE-284
CVE-2026-35242Shared CWE-284
CVE-2026-33834Shared CWE-284

Affected Assets

Synaptics
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires disabling or removing unsupported end-of-life system components like the vulnerable Synaptics audio drivers to eliminate the privilege escalation risk.

prevent

Enforces software usage restrictions via deny-all/permit-by-exception policies that prevent execution of unauthorized malicious DLLs loaded by the vulnerable services.

prevent

Mandates least privilege for processes, limiting the impact of privilege escalation by ensuring affected services run with minimal necessary privileges.

References