Cpuz.Sys · CVE-2025-51060
**Name of the Vulnerable Software and Affected Versions**
cpuz.sys version 1.0.5.4
**Description**
An attacker can call `DeviceIoControl` with unvalidated parameters, using `0x9C402440` and `0x9C402444` as the I/O control codes, to perform RDMSR and WRMSR, respectively. This allows modification of the `LSTAR` MSR and hooking of `KiSystemCall64`. Using Return-Oriented Programming (ROP), the attacker can manipulate the stack with pre-prepared gadgets, disable the SMAP flag in the CR4 register, and execute a user-mode syscall handler in kernel context. The issue is exploitable on 64-bit Windows if core isolation is absent or disabled.
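The following added example (not code from cpuz.sys or from the advisory) decodes the two control codes and models, in user-mode C, the parameter validation that an MSR read/write handler needs before it reaches RDMSR or WRMSR. The request layout, the allowlist policy and the status names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* IOCTL codes named in the advisory. */
#define IOCTL_MSR_READ  0x9C402440u /* RDMSR */
#define IOCTL_MSR_WRITE 0x9C402444u /* WRMSR */
#define IA32_LSTAR      0xC0000082u /* 64-bit SYSCALL entry point */

/* Fields packed into a Windows I/O control code (CTL_CODE layout). */
typedef struct { uint32_t device_type, access, function, method; } ioctl_fields;

static ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f = { code >> 16, (code >> 14) & 0x3u, (code >> 2) & 0xFFFu, code & 0x3u };
    return f; /* access 0 = FILE_ANY_ACCESS, method 0 = METHOD_BUFFERED */
}

/* Hypothetical request layout; the driver's real buffer format is not on the page. */
typedef struct { uint32_t msr; uint32_t pad; uint64_t value; } msr_request;

/* Constructed policy: two thermal MSRs are readable, nothing is writable. */
static const uint32_t READ_ALLOW[] = { 0x19Cu /* IA32_THERM_STATUS */,
                                       0x1A2u /* MSR_TEMPERATURE_TARGET */ };

typedef enum { REQ_OK, REQ_BAD_IOCTL, REQ_BAD_LENGTH, REQ_MSR_DENIED } req_status;

/* Checks to run before any RDMSR/WRMSR instruction is reached. */
static req_status validate_msr_request(uint32_t code, const void *buf, size_t len) {
    msr_request req;
    if (code != IOCTL_MSR_READ && code != IOCTL_MSR_WRITE) return REQ_BAD_IOCTL;
    if (buf == NULL || len < sizeof req) return REQ_BAD_LENGTH;
    memcpy(&req, buf, sizeof req); /* copy once, then validate the copy */
    if (code == IOCTL_MSR_WRITE) return REQ_MSR_DENIED; /* empty write allowlist */
    for (size_t i = 0; i < sizeof READ_ALLOW / sizeof READ_ALLOW[0]; i++)
        if (READ_ALLOW[i] == req.msr) return REQ_OK;
    return REQ_MSR_DENIED; /* includes LSTAR reads, which would disclose a kernel address */
}

int main(void) {
    ioctl_fields f = decode_ioctl(IOCTL_MSR_WRITE);
    msr_request lstar = { IA32_LSTAR, 0, 0 };
    printf("function=0x%X access=%u method=%u\n",
           (unsigned)f.function, (unsigned)f.access, (unsigned)f.method);
    printf("write LSTAR -> %d\n", validate_msr_request(IOCTL_MSR_WRITE, &lstar, sizeof lstar));
    return 0;
}
```

Both codes decode to access value 0 (`FILE_ANY_ACCESS`), so the I/O manager does not require read or write access on the device handle before passing the request to the driver.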
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.