CVE-2024-36056

Name of the Vulnerable Software and Affected Versions Marvin Test HW.exe versions prior to 5.0.5.0

Description The issue allows unprivileged user-mode processes to arbitrarily map physical memory, leading to NT AUTHORITYSYSTEM privilege escalation. This is achieved via IOCTL 0x9c406490, which involves the functions IoAllocateMdl, MmBuildMdlForNonPagedPool, and MmMapLockedPages.

Recommendations For versions prior to 5.0.5.0, update to version 5.0.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Hw64.sys driver to minimize the risk of exploitation.