CVE-2019-7245

Name of the Vulnerable Software and Affected Versions TechPowerUp GPU-Z versions prior to 2.23.0

Description An issue was discovered in the GPU-Z.sys driver, which exposes a wrmsr instruction via an IOCTL and does not properly filter the Model Specific Register (MSR). This allows arbitrary MSR writes, leading to Ring-0 code execution and escalation of privileges.

Recommendations For versions prior to 2.23.0, update to version 2.23.0 or later to resolve the issue. As a temporary workaround, consider disabling the vulnerable driver until a patch is available. Restrict access to the IOCTL endpoint to minimize the risk of exploitation. Avoid using the wrmsr instruction in the affected driver until the issue is resolved.