CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27813
https://notcve.org/view.php?id=CVE-2025-27813
10 Apr 2025 — MSI Center before 2.0.52.0 has Missing PE Signature Validation. • https://csr.msi.com/global/product-security-advisories • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27812
https://notcve.org/view.php?id=CVE-2025-27812
10 Apr 2025 — MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation. • https://csr.msi.com/global/product-security-advisories • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12227 – MSI Dragon Center IOCTL NTIOLib_X64.sys MmUnMapIoSpace null pointer dereference
https://notcve.org/view.php?id=CVE-2024-12227
05 Dec 2024 — A vulnerability, which was classified as problematic, was found in MSI Dragon Center up to 2.0.146.0. This affects the function MmUnMapIoSpace in the library NTIOLib_X64.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. Upgrading to version 2.0.148.0 is able to address this issue. • https://shareforall.notion.site/MSI-Dragon-Center-NTIOLib_X64-0xC3506104-MmMapIoSpace-DOS-15160437bb1e801daf58d4aea052970e • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •
CVSS: 8.2EPSS: 1%CPEs: 7EXPL: 2CVE-2024-36877
https://notcve.org/view.php?id=CVE-2024-36877
12 Aug 2024 — Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-what-where condition in the in the SW handler for SMI 0xE3. Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-wh... • https://github.com/jjensn/CVE-2024-36877 • CWE-123: Write-what-where Condition •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3745 – MSI Afterburner v4.6.6.16381 Beta 3 - ACL Bypass
https://notcve.org/view.php?id=CVE-2024-3745
18 May 2024 — MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged user. MSI Afterburner v4.6.6.16381 Beta 3 es vulnerable a una vulnerabilidad de derivación de ACL en el controlador RTCore64.sys, lo que provoca la activación de vulnerabilidades como CVE-2024-1443 y CVE-2024-1460 por parte de un usuario con pocos privilegios. • https://fluidattacks.com/advisories/gershwin • CWE-863: Incorrect Authorization •
CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1460 – MSI Afterburner v4.6.5.16370 - Kernel Memory Leak
https://notcve.org/view.php?id=CVE-2024-1460
07 Mar 2024 — MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process. MSI Afterburner v4.6.5.16370 afectado por una vulnerabilidad de pérdida de memoria del kernel al activar el código IOCTL 0x80002040 del controlador RTCore64.sys. El manejo del conductor sólo se puede obtener mediante un proceso de alta integridad. MSI Afterburner v4.6.5.16370 is vulner... • https://fluidattacks.com/advisories/mingus • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1443 – MSI Afterburner v4.6.5.16370 - Denial of Service
https://notcve.org/view.php?id=CVE-2024-1443
07 Mar 2024 — MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002000 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process. MSI Afterburner v4.6.5.16370 afectado por una vulnerabilidad de denegación de servicio al activar el código IOCTL 0x80002000 del controlador RTCore64.sys. El manejo del conductor sólo se puede obtener mediante un proceso de alta integridad. MSI Afterburner v4.6.5.16370 is vulnerable to ... • https://fluidattacks.com/advisories/coltrane • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32415
https://notcve.org/view.php?id=CVE-2021-32415
13 Dec 2022 — EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since version 6.0.91 will introduce a local privilege escalation vulnerability in installers it creates. Las versiones de EXEMSI MSI Wrapper anteriores a 10.0.50 y al menos desde la versión 6.0.91 introducirán una vulnerabilidad de escalada de privilegios local en los instaladores que cree. • http://exemsi.com •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31877
https://notcve.org/view.php?id=CVE-2022-31877
28 Nov 2022 — An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet. Un problema en el componente MSI.TerminalServer.exe de MSI Center v1.0.41.0 permite a los atacantes escalar privilegios a través de un paquete TCP manipulado. • http://msi.com • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 1CVE-2022-38532
https://notcve.org/view.php?id=CVE-2022-38532
19 Sep 2022 — Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in the component C_Features of MSI.CentralServer.exe. This vulnerability allows attackers to escalate privileges via running a crafted executable. Se ha detectado que MSI Center versión 1.0.50.0 de Micro-Star International Co., Ltd, contiene una vulnerabilidad en el componente C_Features del archivo MSI.CentralServer.exe. Esta vulnerabilidad permite a atacantes escalar privilegios por medio del funcionamiento de ... • https://github.com/nam3lum/msi-central_privesc •