The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users, including low integrity processes, to read and write to arbitrary memory locations. This allows any user to gain NT AUTHORITY\SYSTEM privileges by mapping \Device\PhysicalMemory into the calling process.
References
Link | Resource |
---|---|
https://posts.specterops.io/cve-2020-14979-local-privilege-escalation-in-evga-precisionx1-cf63c6b95896 | Third Party Advisory |
https://www.evga.com/precisionx1/ | Product Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-08-11T17:55:13
Updated: 2020-08-13T17:49:10
Reserved: 2020-06-22T00:00:00
Link: CVE-2020-14979
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-08-11T18:15:12.910
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-14979
JSON object: View
Redhat Information
No data.
CWE