CVE-2025-70616

Name of the Vulnerable Software and Affected Versions Wincor Nixdorf wnBios64.sys version 1.2.0.0

Description A stack buffer overflow exists in the wnBios64.sys kernel driver within the IOCTL handler for code 0x80102058. The issue is due to a lack of bounds checking on the user-controlled Options parameter before data is copied into a 40-byte stack buffer (Src[40]) using memmove. An attacker with local access can exploit this by sending a crafted IOCTL request with Options exceeding 40 bytes, leading to a stack buffer overflow. This could result in kernel code execution, local privilege escalation, or a denial of service (system crash). The IOCTL handler may also leak kernel addresses and sensitive stack data when reading beyond buffer boundaries.

Recommendations Update to a newer version of Wincor Nixdorf wnBios64.sys that addresses this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.