CVE-2024-9157
Published: 11 March 2025
Description
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
Security Summary
CVE-2024-9157 is a local privilege escalation vulnerability in the CxUIUSvc64.exe and CxUIUSvc32.exe components of Synaptics audio drivers. Because of improper access control (CWE-284), a local, authenticated attacker with low privileges can cause one of these components to load an attacker-controlled DLL into a privileged process. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was flagged "unsupported when assigned": the affected Synaptics audio drivers are end-of-life, so no fix is expected.
Exploitation needs only local, low-privileged code execution and no user interaction: the attacker uses the affected executables to load an arbitrary DLL into a higher-privileged process context. A successful exploit runs the attacker's code with the privileges of that process, with high impact to confidentiality, integrity and availability, which on Windows systems running the vulnerable drivers can amount to full system compromise.
Synaptics' security advisory states that the product is end-of-life, that no patch will be issued, and that the driver should be removed to mitigate the risk. The advisory is available at https://www.synaptics.com/sites/default/files/2025-03/audio-driver-security-brief-2025-03-11.pdf.
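The following triage script is an added example and is not code from this entry or from the Synaptics advisory. It locates the two service executables named above, lists the services that start them, checks whether low-privilege principals hold write rights on the executable's directory (the first location in the default DLL search order, so the classic planting spot), and then lists Synaptics audio driver packages so they can be removed, which is the advisory's only mitigation. The advisory does not name the hijacked DLL or the path it is loaded from, so the ACL check is a generic heuristic for the "improper access control" weakness class rather than a confirmation of exploitability; the search roots and the MEDIA setup-class filter are assumptions.

```powershell
# Added triage script for CVE-2024-9157 (example code, not from the Synaptics advisory).
# Run elevated. ASSUMPTIONS: the install roots below are guesses; the hijacked DLL and
# its path are not published, so the directory ACL check is a generic heuristic.
#Requires -RunAsAdministrator

$targets = @('CxUIUSvc64.exe', 'CxUIUSvc32.exe')
$roots   = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, "$env:SystemRoot\System32") |
           Where-Object { $_ -and (Test-Path -Path $_) }

# Principals that must never hold write rights on a privileged service's directory.
$lowPriv = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')

# Rights that let a user plant or replace a file: the specific write bits plus the
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits Get-Acl can surface.
$fsr       = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($fsr::Write -bor $fsr::Modify -bor $fsr::FullControl) -bor 0x40000000 -bor 0x10000000

function Get-WeakDirectoryAces {
    param([string]$Path)
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        ($_.AccessControlType -eq 'Allow') -and
        ($lowPriv -contains $_.IdentityReference.Value) -and
        ((([int]$_.FileSystemRights) -band $writeMask) -ne 0)
    }
}

# Locate the vulnerable binaries under the assumed roots.
$found = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Recurse -File -Include $targets -ErrorAction SilentlyContinue
}

if (-not $found) {
    Write-Host 'No CxUIUSvc executables found under the searched roots.'
} else {
    $services = Get-CimInstance -ClassName Win32_Service
    foreach ($exe in $found) {
        Write-Host "`n[*] $($exe.FullName)"
        # Services that launch this binary: the privileged process a planted DLL would land in.
        $services | Where-Object { $_.PathName -like "*$($exe.Name)*" } | ForEach-Object {
            Write-Host "    service: $($_.Name)  state=$($_.State)  account=$($_.StartName)"
        }
        $weak = Get-WeakDirectoryAces -Path $exe.DirectoryName
        if ($weak) {
            Write-Warning "$($exe.DirectoryName) is writable by low-privilege principals (DLL planting possible):"
            $weak | ForEach-Object { Write-Host "      $($_.IdentityReference)  $($_.FileSystemRights)" }
        } else {
            Write-Host '    directory ACL: no write access for low-privilege principals'
        }
    }
}

# Driver packages to remove. Audio devices register under the MEDIA setup class
# (assumption; confirm the package before acting). Remove the listed package with:
#   pnputil /delete-driver <oemNN.inf> /uninstall /force
Get-WindowsDriver -Online |
    Where-Object { $_.ProviderName -like '*Synaptics*' -and $_.ClassName -eq 'MEDIA' } |
    Select-Object Driver, OriginalFileName, Version, Date
```

A directory that shows no weak ACEs does not rule out the issue, since the loader also consults the current directory, the system directories and PATH; the script only covers the application directory, which is where a low-privileged user most often gains a foothold against a service binary.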
Details
- CWE(s): CWE-284 Improper Access Control
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability lets a local attacker load a malicious DLL into a higher-privileged process because of improper access control. That is the DLL Side-Loading pattern (T1574.002, a sub-technique of Hijack Execution Flow, T1574), used here as Exploitation for Privilege Escalation (T1068).
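A detection angle for the mapped techniques, as an added example that is not part of this entry or of the Synaptics advisory: the script below classifies Sysmon ImageLoad records (Event ID 7) for the two service binaries named above and flags any DLL they load from outside the usual system and vendor directories, or that is unsigned. It assumes Sysmon is installed with ImageLoad logging enabled for these processes (Sysmon does not log DLL loads unless configured to), the trusted-prefix list is a starting point rather than a vendor-published allowlist, and the service path in the constructed sample records is hypothetical because the page does not state where the executables are installed.

```powershell
# Added detection example for CVE-2024-9157 / T1574 (example code, not from the advisory).
# ASSUMPTIONS: Sysmon logs ImageLoad (Event ID 7) for the CxUIUSvc processes; the
# trusted prefixes are a starting point, not a vendor allowlist.

$hostImages = @('CxUIUSvc64.exe', 'CxUIUSvc32.exe')

# Directories a privileged service legitimately loads DLLs from. A load from anywhere
# else (user profile, Temp, ProgramData, removable media) is flagged.
$trustedPrefixes = @(
    "$env:SystemRoot\System32\",
    "$env:SystemRoot\SysWOW64\",
    "$env:SystemRoot\WinSxS\",
    "$env:ProgramFiles\",
    "${env:ProgramFiles(x86)}\"
) | Where-Object { $_.Length -gt 1 }   # drops the bare '\' left when a variable is unset

function Test-SuspiciousImageLoad {
    param(
        [string]$Image,              # process that performed the load (Sysmon "Image")
        [string]$ImageLoaded,        # DLL path (Sysmon "ImageLoaded")
        [string]$Signed = 'false'    # Sysmon "Signed" field: 'true' or 'false'
    )
    # Only the two service binaries named in the CVE are in scope.
    if ($hostImages -notcontains [System.IO.Path]::GetFileName($Image)) { return $false }

    $trusted = $false
    foreach ($prefix in $trustedPrefixes) {
        if ($ImageLoaded.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
            $trusted = $true
            break
        }
    }
    # An unsigned DLL is flagged even under a trusted prefix: a file planted in a vendor
    # directory with a weak ACL still sits under Program Files.
    $suspicious = (-not $trusted) -or ($Signed -ne 'true')
    return $suspicious
}

function Find-SuspiciousLoads {
    param([int]$MaxEvents = 5000)
    $filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 7 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the <Data Name="..."> elements of the event into a hashtable.
        $d = @{}
        foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$node.Name] = $node.'#text' }
        if (Test-SuspiciousImageLoad -Image $d.Image -ImageLoaded $d.ImageLoaded -Signed $d.Signed) {
            [pscustomobject]@{
                UtcTime = $d.UtcTime; Process = $d.Image; ProcessId = $d.ProcessId
                Dll = $d.ImageLoaded; Signed = $d.Signed; Signature = $d.Signature; Hashes = $d.Hashes
            }
        }
    }
}

# Constructed sample records (not real events) exercising the classifier offline.
# The service path is hypothetical; the page does not state the install location.
$svc = 'C:\Program Files\Example\CxUIUSvc64.exe'
Test-SuspiciousImageLoad -Image $svc -ImageLoaded 'C:\Users\lowpriv\AppData\Local\Temp\payload.dll' -Signed 'false'  # DLL from a user-writable directory
Test-SuspiciousImageLoad -Image $svc -ImageLoaded 'C:\Windows\System32\kernel32.dll' -Signed 'true'                  # normal system DLL load
Test-SuspiciousImageLoad -Image 'C:\Windows\explorer.exe' -ImageLoaded 'C:\Users\lowpriv\x.dll' -Signed 'false'      # process not in scope

# Live hunt over the local Sysmon log:
Find-SuspiciousLoads | Format-Table -AutoSize
```

For fleet-wide use, the same predicate translates directly into a SIEM query on the Sysmon Event ID 7 fields; the hashtable flattening is only needed because Get-WinEvent exposes the event as XML.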