Vulnerability CVE-2018-8061


Published: 2018-05-09   Modified: 2018-05-10

Description:
HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send IOCTL 0x85FE2608 to the device driver with the HWiNFO32 symbolic device name, resulting in direct physical memory read or write.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Hwinfo
Product: Amd64 kernel driver 
Version: 8.98;

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.6/10
4.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None

 References:
https://github.com/otavioarj/SIOCtl

Copyright 2019, cxsecurity.com

 

Back to Top