CVE-2021-29337

Name of the Vulnerable Software and Affected Versions MSI Dragon Center version 2.0.104.0

Description The issue is related to the MODAPI.sys driver in the MSI Dragon Center software, which allows low-privileged users to access kernel memory. This could potentially enable an attacker to escalate their privileges. The vulnerability can be exploited via a crafted IOCTL 0x9c406104 call, which provides the MmMapIoSpace feature for mapping physical memory.

Recommendations For MSI Dragon Center version 2.0.104.0, consider disabling the MODAPI.sys driver as a temporary workaround until a patch is available. Restrict access to the IOCTL 0x9c406104 call to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.