Vulnerability Description
In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on the system (Windows), including sandboxed users, can issue an ioctl to this driver without any validation. Furthermore, the driver can map any physical page on the system and returns the allocated map page address to the user: that results in an information leak and EoP. NOTE: the vendor indicates that the arbitrary read itself is intentional behavior (for ACPI scan functionality); the security issue is the lack of an ACL.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cpuid | Cpu-Z | <= 1.81 |
References
- https://github.com/akayn/Bugs/blob/master/CPUID/CVE-2017-15302/README.mdThird Party Advisory
- https://github.com/akayn/Bugs/blob/master/CPUID/CVE-2017-15302/README.mdThird Party Advisory
FAQ
What is CVE-2017-15302?
CVE-2017-15302 is a vulnerability with a CVSS score of 7.8 (HIGH). In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges, bec...
How severe is CVE-2017-15302?
CVE-2017-15302 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-15302?
Check the references section above for vendor advisories and patch information. Affected products include: Cpuid Cpu-Z.