// For flags

CVE-2018-8060

 

Severity Score

5.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send an IOCTL to the device driver. If input and/or output buffer pointers are NULL or if these buffers' data are invalid, a NULL/invalid pointer access occurs, resulting in a Windows kernel panic aka Blue Screen. This affects IOCTLs higher than 0x85FE2600 with the HWiNFO32 symbolic device name.

El controlador del Kernel HWiNFO AMD64, en versiones 8.98 y anteriores, permite que un usuario sin privilegios envíe una llamada IOCTL al controlador del dispositivo. Si los punteros de entrada y/o salida son NULL o si sus datos no son válidos, ocurre un acceso al puntero NULL/inválido, lo que resulta en un pánico del kernel de Windows, también denominado Blue Screen. Esto afecta a los IOCTL mayores que 0x85FE2600 con el nombre de dispositivo simbólico HWiNFO32.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-03-11 CVE Reserved
  • 2018-05-10 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-476: NULL Pointer Dereference
CAPEC
References (1)
URL Tag Source
URL Date SRC
https://github.com/otavioarj/SIOCtl 2024-08-05
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Hwinfo
Search vendor "Hwinfo"
Amd64 Kernel Driver
Search vendor "Hwinfo" for product "Amd64 Kernel Driver"
<= 8.98
Search vendor "Hwinfo" for product "Amd64 Kernel Driver" and version " <= 8.98"
-
Affected