CVE-2021-44852

An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://nephosec.com/biostar-exploit/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:biostar:racing_gt_evo:2.1.1905.1700:*:*:*:*:*:*:*

History

08 Aug 2023, 14:22

Type	Values Removed	Values Added
CWE	~~CWE-668~~	NVD-CWE-Other

Information

Published : 2022-01-01 06:15

Updated : 2024-02-28 18:48

NVD link : CVE-2021-44852

Mitre link : CVE-2021-44852

CVE.ORG link : CVE-2021-44852

JSON object : View

Products Affected

biostar

racing_gt_evo

CWE

NVD-CWE-Other

{"id": "CVE-2021-44852", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-01-01T06:15:07.453", "references": [{"url": "https://nephosec.com/biostar-exploit/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000."}, {"lang": "es", "value": "Se ha detectado un problema en el archivo BS_RCIO64.sys en Biostar RACING GT Evo versi\u00f3n 2.1.1905.1700. Un proceso de baja integridad puede abrir el objeto de dispositivo del controlador y emitir IOCTL para leer o escribir en ubicaciones de memoria f\u00edsica arbitrarias (o llamar a una direcci\u00f3n arbitraria), conllevando a una ejecuci\u00f3n de c\u00f3digo arbitrario. Esto est\u00e1 asociado con 0x226040, 0x226044 y 0x226000.\n"}], "lastModified": "2023-08-08T14:22:24.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:biostar:racing_gt_evo:2.1.1905.1700:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1E29A0F-B18E-4EDD-AC6A-85C41F30883C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}