CVE-2023-6482 Information

Description

Use of encryption key derived from static information in Synaptics Fingerprint Driver allows

an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker who has physical access to the sensor to enroll a fingerprint into the template database.

Reference

https://www.synaptics.com/sites/default/files/2024-01/fingerprint-driver-encryption-key-security-brief-2024-01-26.pdf