CVE-2021-27965

Published: Mar 5, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request.

Affected (1)

Products: Msi: Dragon Center

Msi

1 product

Dragon Center

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Msi Dragon Center	Before 2.0.98.0

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

https://github.com/kronl/cve/tree/master/MSI_Dragon_Center

Source: cve@mitre.org

Broken LinkThird Party Advisory

https://www.microsoft.com/en-us/p/msi-dragon-center/9nh7n2bv1cqq?activetab=pivot:overviewtab

Source: cve@mitre.org

PatchVendor Advisory

https://github.com/kronl/cve/tree/master/MSI_Dragon_Center

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

https://www.microsoft.com/en-us/p/msi-dragon-center/9nh7n2bv1cqq?activetab=pivot:overviewtab

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.