CVE-2022-47631
NixOS vulnerability analysis and mitigation

Overview

Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. The vulnerability affects the Razer Synapse Service which runs with elevated privileges. The issue exists because attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin before the service is installed and deny write access for the SYSTEM user. Although the service checks for malicious DLLs, attackers can exploit a race condition to replace a valid DLL with a malicious one after the check but before loading (SYSS Advisory, NVD).

Technical details

The vulnerability combines multiple security issues: an unsafe installation path in %PROGRAMDATA%, improper privilege management allowing attackers to set restrictive permissions, and a time-of-check-time-of-use (TOCTOU) race condition in DLL validation. The service checks for malicious DLLs upon startup but loads them after validation, creating a window for exploitation. The CVSS v3.1 base score is 7.8 (High) with vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H (NVD).

Impact

A successful exploit allows local Windows users to obtain administrative privileges on the system. The attack requires physical access to the machine and needs to be prepared before Razer Synapse is installed along with a Razer driver (SYSS Advisory).

Mitigation and workarounds

Razer has released a patched version (3.8.0428.042117) that is automatically deployed during driver installation on current Windows builds. System administrators can prevent similar attacks through other co-installers by setting HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Installer\DisableCoInstallers = 1 in the Windows registry (SYSS Advisory).
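The following PowerShell audit is an added example, not code from Razer, SySS or the original page. It reads the DisableCoInstallers value named above and inspects the ACL of the service directory for the conditions the advisory describes (a Deny entry for SYSTEM, an unexpected owner, or write access for other principals). The list of expected principals and the write-access mask are assumptions of this example.

```powershell
# Added example: read-only audit, intended for an elevated PowerShell session.

# 1. Co-installer hardening value named in the mitigation section.
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Installer'
$name  = 'DisableCoInstallers'
$value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($value -eq 1) {
    Write-Output "$name = 1: co-installers are disabled."
} else {
    Write-Warning "$name is not 1 (current value: '$value')."
    # To enforce the setting:
    # New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force
}

# 2. ACL audit of the service directory named in the advisory.
$dir = Join-Path $env:ProgramData 'Razer\Synapse3\Service\bin'
if (-not (Test-Path -LiteralPath $dir)) {
    Write-Output "$dir is not present; nothing to audit."
} else {
    $sidType  = [System.Security.Principal.SecurityIdentifier]
    # Assumption of this example: principals that may own or write to the directory.
    $expected = @(
        'S-1-5-18',      # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',  # BUILTIN\Administrators
        'S-1-3-0',       # CREATOR OWNER (inherit-only placeholder)
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' # TrustedInstaller
    )
    # Rights that let a principal plant or swap a file, plus GENERIC_WRITE and GENERIC_ALL.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $writeMask = $writeMask -bor 0x40000000 -bor 0x10000000

    $acl   = Get-Acl -LiteralPath $dir
    $owner = $acl.GetOwner($sidType).Value
    if ($owner -notin $expected) {
        Write-Warning "Unexpected owner of ${dir}: $owner"
    }
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Deny' -and $sid -eq 'S-1-5-18') {
            Write-Warning "Deny entry for SYSTEM: $($rule.FileSystemRights)"
        }
        if ($rule.AccessControlType -eq 'Allow' -and $sid -notin $expected -and
            ([int]$rule.FileSystemRights -band $writeMask)) {
            Write-Warning "Write access for ${sid}: $($rule.FileSystemRights)"
        }
    }
}
```

A warning from the second part on a host where Razer Synapse has not yet been installed means the directory was created ahead of the installer and should be investigated before any Razer driver is installed.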

Source: This report was generated using AI
