PT-2021-17698 · Msi · Msi Dragon Center+1
Published
2021-03-05
·
Updated
2021-03-16
·
CVE-2021-27965
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
MSI Dragon Center versions prior to 2.0.98.0
MsIo64.sys driver versions prior to 1.1.19.1016
Description:
The issue is related to a buffer overflow in the MsIo64.sys driver, which allows privilege escalation via a crafted IOCTL request. Specifically, the requests 0x80102040, 0x80102044, 0x80102050, or 0x80102054 can be used to exploit this issue.
Recommendations:
For MSI Dragon Center versions prior to 2.0.98.0, update to version 2.0.98.0 or later to resolve the issue.
For MsIo64.sys driver versions prior to 1.1.19.1016, update to version 1.1.19.1016 or later to resolve the issue.
As a temporary workaround, consider restricting access to the MsIo64.sys driver to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Msi Dragon Center
Msio64.Sys