34 matches found
CVE-2019-7247
CVE-2019-7247 affects AMD OverDrive’s AODDriver2.sys. The driver exposes wrmsr via IOCTL 0x81112ee0 and fails to properly filter MSRs, enabling arbitrary MSR writes that can lead to Ring-0 code execution and privilege escalation. Documents from Red Hat and other sources corroborate the same flaw....
CVE-2019-7630
An issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0227.1. The vulnerable driver exposes a wrmsr instruction via IOCTL 0xC3502580 and does not properly filter the target Model Specific Register MSR. Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation o...
CVE-2019-7245
An issue was discovered in GPU-Z.sys in TechPowerUp GPU-Z before 2.23.0. The vulnerable driver exposes a wrmsr instruction via an IOCTL and does not properly filter the Model Specific Register MSR. Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges...
CVE-2019-7240
An issue was discovered in WinRing0x64.sys in Moo0 System Monitor 1.83. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x9C402088 and does not properly filter the Model Specific Register MSR. Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges...
CVE-2019-7244
An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x80112084 and does not properly filter the Model Specific Register MSR. Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges...
Privilege escalation
An issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0227.1. The vulnerable driver exposes a wrmsr instruction via IOCTL 0xC3502580 and does not properly filter the target Model Specific Register MSR. Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation o...
Privilege escalation
An issue was discovered in WinRing0x64.sys in Moo0 System Monitor 1.83. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x9C402088 and does not properly filter the Model Specific Register MSR. Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges...
Privilege escalation
An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x80112084 and does not properly filter the Model Specific Register MSR. Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges...
CVE-2019-7630
CVE-2019-7630 affects Gigabyte APP Center prior to 19.0227.1. The gdrv.sys driver exposes wrmsr via IOCTL 0xC3502580 and fails to properly filter MSR targets, allowing arbitrary MSR writes that can lead to Ring-0 code execution and privilege escalation. Public sources in the connected documents c...
CVE-2019-7240
An issue was discovered in WinRing0x64.sys in Moo0 System Monitor 1.83. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x9C402088 and does not properly filter the Model Specific Register MSR. Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges...
CVE-2019-7245
An issue was discovered in GPU-Z.sys in TechPowerUp GPU-Z before 2.23.0. The vulnerable driver exposes a wrmsr instruction via an IOCTL and does not properly filter the Model Specific Register MSR. Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges...
CVE-2018-18535
The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers MSRs. This could be leveraged to execute arbitrary ring-0 code...
Microsoft Windows 10 Creators Update 32-bit Ring-0 Code Execution Exploit
Microsoft Windows 10 Creators Update suffers from a 32-bit execution of ring-0 code from NULL page via NtQuerySystemInformation class 185, Warbird functionality. Windows 10 Creators Update 32-bit execution of ring-0 code from NULL page via NtQuerySystemInformation class 185, Warbird functionality...
Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic Denial of Service Privilege Escalation Source: http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/ Introduction Problem description: The initial observation was, that the linux vm86 syscall, which allows to use the virtual-8086 mode from...