PT-2024-22816 · Unknown · Cg6Kwin2K.Sys

Takahiro Haruyama · Published 2024-03-24 · Updated 2024-11-07 · CVE-2024-29216

CVSS v3.1: 6.1 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions

cg6kwin2k.sys versions prior to 2.1.7.0

Description

The issue is related to an exposed IOCTL with insufficient access control in the cg6kwin2k.sys driver. This allows a user without administrator privileges to send a specific IOCTL request and perform I/O to arbitrary hardware ports or physical addresses, potentially resulting in the erasure or alteration of firmware.

Recommendations

For versions prior to 2.1.7.0, update to version 2.1.7.0 or later to secure the system. As a temporary workaround, consider restricting access to the IOCTL handler to minimize the risk of exploitation.
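
To find hosts that still need the update, the following PowerShell check (an added example, not part of the original advisory or the vendor's tooling) locates copies of cg6kwin2k.sys and compares their file version with 2.1.7.0. It assumes the driver's file version resource tracks the version numbers used in the advisory and that the file sits under the standard Windows driver directories or is registered as a kernel driver service.

```powershell
# Added example: flag copies of cg6kwin2k.sys older than the fixed version.
$DriverName   = 'cg6kwin2k.sys'
$FixedVersion = [version]'2.1.7.0'   # first fixed version, per the advisory

# Assumption: standard driver locations; adjust the search roots for your fleet.
$roots = @(
    (Join-Path $env:SystemRoot 'System32\drivers'),
    (Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository')
)

$paths = @()
$paths += Get-ChildItem -Path $roots -Filter $DriverName -Recurse -File -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName

# Also pick up any kernel driver service whose image path points at the file,
# in case it was installed outside the directories above.
$paths += Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and ($_.PathName -like "*\$DriverName") } |
    ForEach-Object { $_.PathName -replace '^\\\?\?\\', '' }   # strip a leading \??\

$results = foreach ($p in ($paths | Sort-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $p)) { continue }
    $vi = (Get-Item -LiteralPath $p).VersionInfo
    # Use the numeric fields; the FileVersion string may carry extra text.
    $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                          $vi.FileBuildPart, $vi.FilePrivatePart)
    [pscustomobject]@{
        Path       = $p
        Version    = $ver
        Vulnerable = $ver -lt $FixedVersion   # prior to 2.1.7.0 is affected
    }
}

if (-not $results) {
    Write-Output "$DriverName not found on this host."
} else {
    $results | Format-Table -AutoSize
}
```

A stale copy left in the driver store can be reinstalled later, so treat any row with Vulnerable set to True as needing cleanup even when the loaded driver is already updated.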

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2024-29216

Affected Products

Cg6Kwin2K.Sys