CVE-2021-44852
Description
An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000.
- CVSS Version 3.1
- CVSS Version 2.0
nvd
CVE ID: CVE-2021-44852
Base Score: 7.8
Base Severity: HIGH
Vector String:CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.8
nvd
CVE ID: CVE-2021-44852
Base Score: 7.2
Base Severity: HIGH
Vector String:AV:L/AC:L/Au:N/C:C/I:C/A:C
Proof Of Concept
CrackerCat
An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000.
Refrence: GitHub
Refrence: NVD