CVE-2022-47632

Name
CVE-2022-47632
Description
Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if the malicious DLLs are unsigned, it suffices to use self-signed DLLs. The validity of the DLL signatures is not checked. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.
NVD Severity
unknown

References

| Type | URI |
|---|---|
| MISC | https://syss.de |
| MISC | https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-047.txt |
| MISC | http://packetstormsecurity.com/files/170772/Razer-Synapse-3.7.0731.072516-Local-Privilege-Escalation.html |
| FULLDISC | http://seclists.org/fulldisclosure/2023/Sep/6 |
| MISC | http://packetstormsecurity.com/files/174696/Razer-Synapse-Race-Condition-DLL-Hijacking.html |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:razer:synapse:*:*:*:*:*:*:*:* | synapse | >= None | < 3.7.0830.081906 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| synapse | edge-community | 1.120.2-r0 | jahway603 <jahway603@protonmail.com> | possibly vulnerable |
| synapse | edge-community | 1.121.1-r0 | jahway603 <jahway603@protonmail.com> | possibly vulnerable |
| synapse | edge-community | 1.122.0-r0 | jahway603 <jahway603@protonmail.com> | possibly vulnerable |
| synapse | edge-community | 1.123.0-r0 | jahway603 <jahway603@protonmail.com> | possibly vulnerable |
| synapse | edge-community | 1.124.0-r0 | jahway603 <jahway603@protonmail.com> | possibly vulnerable |
| synapse | edge-community | 1.125.0-r0 | jahway603 <jahway603@protonmail.com> | possibly vulnerable |
| synapse | edge-community | 1.126.0-r0 | jahway603 <jahway603@protonmail.com> | possibly vulnerable |
| synapse | edge-community | 1.127.0-r0 | jahway603 <jahway603@protonmail.com> | possibly vulnerable |
| synapse | edge-community | 1.127.1-r0 | jahway603 <jahway603@protonmail.com> | possibly vulnerable |
| synapse | edge-community | 1.128.0-r0 | jahway603 <jahway603@protonmail.com> | possibly vulnerable |
| synapse | edge-community | 1.129.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | edge-community | 1.130.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | edge-community | 1.131.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | edge-community | 1.132.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | edge-community | 1.133.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | edge-community | 1.134.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | edge-community | 1.135.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | edge-community | 1.135.2-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | edge-community | 1.136.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | 3.22-community | 1.130.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | 3.22-community | 1.136.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | edge-community | 1.137.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | 3.22-community | 1.137.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | edge-community | 1.138.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | 3.22-community | 1.138.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | 3.22-community | 1.138.2-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | edge-community | 1.138.2-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | edge-community | 1.139.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | 3.22-community | 1.139.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | edge-community | 1.139.2-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | 3.22-community | 1.139.2-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | edge-community | 1.140.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | 3.22-community | 1.140.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | edge-community | 1.141.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | 3.22-community | 1.141.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | edge-community | 1.142.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |
| synapse | 3.22-community | 1.142.0-r0 | jahway603 <jahway603@tutanota.de> | possibly vulnerable |