Vulnerability Description
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Synaptics Thinkpad Ultranav Driver | 18.0.7.119 |
| Microsoft | Windows 7 | - |
| Microsoft | Windows 8.1 | - |
| Microsoft | Windows 10 | - |
| Lenovo | Thinkpad Helix Firmware | - |
| Lenovo | Thinkpad Helix | - |
| Lenovo | Thiankpad L430 Firmware | - |
| Lenovo | Thiankpad L430 | - |
| Lenovo | Thiankpad L530 Firmware | - |
| Lenovo | Thiankpad L530 | - |
| Lenovo | Thiankpad P1 Firmware | - |
| Lenovo | Thiankpad P1 | - |
| Lenovo | Thiankpad X1 Extreme Firmware | - |
| Lenovo | Thiankpad X1 Extreme | - |
| Lenovo | Thiankpad P50S Firmware | - |
| Lenovo | Thiankpad P50S | - |
| Lenovo | Thiankpad P51 Firmware | - |
| Lenovo | Thiankpad P51 | - |
| Lenovo | Thiankpad P51S Firmware | - |
| Lenovo | Thiankpad P51S | - |
Related Weaknesses (CWE)
References
- https://support.lenovo.com/us/en/solutions/LEN-24573Broken Link
- https://support.lenovo.com/bg/en/product_security/len-24573PatchVendor Advisory
- https://support.lenovo.com/us/en/solutions/LEN-24573Broken Link
FAQ
What is CVE-2018-16098?
CVE-2018-16098 is a vulnerability with a CVSS score of 7.8 (HIGH). In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege u...
How severe is CVE-2018-16098?
CVE-2018-16098 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-16098?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Synaptics Thinkpad Ultranav Driver, Microsoft Windows 7, Microsoft Windows 8.1, Microsoft Windows 10, Lenovo Thinkpad Helix Firmware.