Merry Hackmas: multiple vulnerabilities in MSI’s products
This blog post serves as an advisory for a couple of MSI’s products that are affected by multiple high-severity vulnerabilities in the driver components they are shipped with.
All the vulnerabilities are triggered by sending specific IOCTL requests and will allow to:
Directly interact with physical memory via the MmMapIoSpace function call, mapping physical memory into a virtual address user-space.
Read/write Model-Specific Registers (MSRs) via the __readmsr/__writemsr functions calls.
Read/write 1/2/4 bytes to or from an IO port.
An attacker could exploit...