Crucial by Micron Technology, Inc Ballistix MOD Utility v.<= 18.104.22.168 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the
MODAPI.sys driver component.
Both vulnerabilities are triggered by sending specific IOCTL requests that allows low-privileged users to:
- Directly interact with physical memory via the
MmMapIoSpacefunction call, mapping physical memory into a virtual address user-space.
- Read/write Model-Specific Registers (MSRs) via the
Attackers could exploit this issues to achieve local privilege escalation to