CVE-2022-47631

Name
CVE-2022-47631
Description
Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if it detects malicious DLLs in this directory, attackers can exploit a race condition and replace a valid DLL (i.e., a copy of a legitimate Razer DLL) with a malicious DLL after the service has already checked the file. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.
NVD Severity
unknown

References

| Type | URI |
|------|-----|
| MISC | https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-002.txt |
| FULLDISC | http://seclists.org/fulldisclosure/2023/Sep/6 |
| MISC | http://packetstormsecurity.com/files/174696/Razer-Synapse-Race-Condition-DLL-Hijacking.html |

Match rules

| CPE URI | Source package | Min version | Max version |
|---------|----------------|-------------|-------------|
| cpe:2.3:a:razer:synapse:*:*:*:*:*:*:*:* | synapse | >= None | < 3.8.0428.042117 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|----------------|--------|---------|------------|--------|
| synapse | 3.19-community | 1.96.1-r0 | 6543 <6543@obermui.de> | possibly vulnerable |
| synapse | edge-community | 1.116.0-r0 | jahway603 <jahway603@protonmail.com> | possibly vulnerable |
| synapse | 3.20-community | 1.116.0-r0 | jahway603 <jahway603@protonmail.com> | possibly vulnerable |