PT-2020-13060 · Ati · Atillk64.Sys

Jesse Michael +1 · Published 2020-04-27 · Updated 2025-11-21 · CVE-2020-12138

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

atillk64.sys version 5.11.9.0

Description

The issue allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages.

Recommendations

For atillk64.sys version 5.11.9.0, consider restricting access to the driver routines MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, and MmMapLockedPages to prevent low-privileged users from achieving NT AUTHORITY\SYSTEM privileges. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2020-12138

Affected Products

Atillk64.Sys