Severity: High

Micro-Star International (MSI) App Player v. <= is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the following driver component:

  • NTIOLib_X64.sys - AE3763CBBD21F6E561AC502D2EE7FE8EDFB2292D

All the vulnerabilities are triggered by sending specific IOCTL requests and will allow to:

  • Directly interact with physical memory via the MmMapIoSpace function call, mapping physical memory into a virtual address user-space.
  • Read/write Model-Specific Registers (MSRs) via the __readmsr/__writemsr functions calls.

Attackers could exploit these issues to achieve local privilege escalation from low-privileged users to NT AUTHORITY\SYSTEM.