Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory via IOCTL 0x9c406490 (for IoAllocateMdl, MmBuildMdlForNonPagedPool, and MmMapLockedPages), leading to NT AUTHORITY\SYSTEM privilege escalation.
[
{
"cpes": [
"cpe:2.3:a:marvin_test:hw_driver:1.0:*:*:*:*:*:*:*"
],
"vendor": "marvin_test",
"product": "hw_driver",
"versions": [
{
"status": "affected",
"version": "1.0",
"versionType": "custom",
"lessThanOrEqual": "5.0.4.0"
}
],
"defaultStatus": "affected"
}
]