Severity: High
Micro-Star International (MSI) Dragon Center v. <= 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the following drivers components:
atidgllk.sys - D299A2420F92A1F0150265F26D496AE587A681DA
atillk64.sys - C52CEF5B9E1D4A78431B7AF56A6FDB6AA1BCAD65
MODAPI.sys/WinRing0x64.sys - D25340AE8E92A6D29F599FEF426A2BC1B5217299
NTIOLib.sys - CFD03C6FA17F369E5D7286D1B8A97C49DDAE93A3
NTIOLib.sys - FC639CC99362DF79D7AAC31057740C515205A6C4
NTIOLib.sys - 4C9691E9B87DC84619E30C6EB21256369EFB8996
NTIOLib_X64.sys - 9F31AD3DBA608773EBE62962D654508D7787FF08
NTIOLib_X64.sys - DB4C5957DBDA3D3691AA1E393D1F63AD0B049DF5
NTIOLib_X64.sys - AD31989CC268ABF8CB36BF44C2087AA761F30F3E
WinRing0.sys - 8AC34EB21B9B38F67CD29684C45696C20AB2E75A
All the vulnerabilities are triggered by sending specific IOCTL requests and will allow to:
- Directly interact with physical memory via the
MmMapIoSpace
function call, mapping physical memory into a virtual address user-space. - Read/write Model-Specific Registers (MSRs) via the
__readmsr/__writemsr
functions calls. - Read/write 1/2/4 bytes to or from an IO port.
Attackers could exploit these issues to achieve local privilege escalation from low-privileged users to NT AUTHORITY\SYSTEM
.