Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 10/05/2018 Updated: 13/06/2018

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 436

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send an IOCTL to the device driver. If input and/or output buffer pointers are NULL or if these buffers' data are invalid, a NULL/invalid pointer access occurs, resulting in a Windows kernel panic aka Blue Screen. This affects IOCTLs higher than 0x85FE2600 with the HWiNFO32 symbolic device name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hwinfo amd64 kernel driver

Simple IOCTL dispatcher for CVE-2018-8060/8061

SIOCtl Simple IOCTL dispatcher This is a generic IOCTL "dispatcher" I made this to be used as a POC for CVE 2018-8060 and 2018-8061, but it can be used to any device, IOCTL and data, thought Input data is a binary file, containing raw data to be used as input buffer in IO control Output data is displayed as hexdecimal dump CVE 2018-8060 Description: HWiNFO A

CWE-476 https://github.com/otavioarj/SIOCtl https://nvd.nist.gov https://github.com/otavioarj/SIOCtl

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-8060

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect