Vulnerability Description
The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users, including low integrity processes, to read and write to arbitrary memory locations. This allows any user to gain NT AUTHORITY\SYSTEM privileges by mapping \Device\PhysicalMemory into the calling process.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| EVGA | Precision X1 | <= 1.0.6 |
| WinRing0 Project | WinRing0 | 1.2.0 |
References
- https://posts.specterops.io/cve-2020-14979-local-privilege-escalation-in-evga-pr (Third Party Advisory)
- https://www.evga.com/precisionx1/ (Product, Vendor Advisory)
FAQ
What is CVE-2020-14979?
CVE-2020-14979 is a vulnerability with a CVSS score of 7.8 (HIGH). The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users, including low integrity processes, to read and write to arbitrary memory locations. This allows...
How severe is CVE-2020-14979?
CVE-2020-14979 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-14979?
Check the references section above for vendor advisories and patch information. Affected products include: EVGA Precision X1, WinRing0 Project WinRing0.