PT-2023-23152 · Broadcom+1 · Broadcom Lsi Pci-Sv92Ex Soft Modem Kernel Driver+1
Published
2023-10-10
·
Updated
2026-03-10
·
CVE-2023-31096
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver versions through 2.2.100.1
Description
An issue exists in the Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver (AGRSM64.sys) that allows for local privilege escalation to SYSTEM privileges. This is achieved through a stack overflow in the
RTLCopyMemory function, accessible via the IOCTL 0x1b2150. An attacker with medium-integrity process privileges can exploit this to gain SYSTEM-level access. This can also be used to bypass kernel-level protections like AV or PPL, as exploit code executes with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver) ransomware campaigns.Recommendations
Versions prior to 2.2.100.1 should be updated.
Exploit
Fix
LPE
Stack Overflow
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Broadcom Lsi Pci-Sv92Ex Soft Modem Kernel Driver
Windows