CVE-2020-14979

Name of the Vulnerable Software and Affected Versions EVGA Precision X1 versions through 1.0.6 winring0 project winring0 version 1.2.0

Description The WinRing0.sys and WinRing0x64.sys drivers versions 1.2.0 in EVGA Precision X1 through 1.0.6 contain a flaw that allows local users, including those with low integrity, to read and write to arbitrary memory locations. This allows any user to gain NT AUTHORITYSYSTEM privileges by mapping DevicePhysicalMemory into the calling process. This issue has been actively exploited in cryptojacking campaigns, where it is used to deploy a custom XMRig miner and boost its hashrate. The malware spreads via USB drives, potentially infecting air-gapped systems. The vulnerability allows malicious programs to bypass system security measures.

Recommendations Versions prior to 1.0.6 should be updated.