Privilege Escalation
Patriot Memory
CVE-2019-18845
- Viper RGB version 1.0
MsIo64.sys/MsIo32.sys driver in Viper RGB version 1.0 allows local users (including low integrity processes) to read and write arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM
privileges via mapping \Device\PhysicalMemory
into the calling process using ZwOpenSection
and ZwMapViewOfSection
.
The vendor has released a patch in version 1.1 addressing this vulnerability.
This vulnerability was found by Hashim Jawad of ACTIVELabs.
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18845
- https://nvd.nist.gov/vuln/detail/CVE-2019-18845
- 10-04-19: ACTIVELabs contacted Patriot Memory on Twitter requesting security contact
- 10-04-19: Patriot Memory asked to send vulnerability details to support@patriotmem.com
- 10-04-19: ACTIVELabs sent vulnerability details to Patriot Memory support
- 10-09-19: ACTIVELabs requested an update
- 10-09-19: Patriot Memory support responded that R&D team are in the process of testing and patching the vulnerability
- 10-28-19: Patriot Memory support communicated that patch has be produced and requested ACTIVELabs to test the patch before release
- 11-01-19: ACTIVELabs confirmed the patch has nullified the vulnerability
- 11-05-19: Patriot Memory informed ACTIVELabs the patch has been pushed to the website and requested to provide CVE number once assigned
- 11-08-19: ACTIVELabs publishes this advisory
- 11-08-19: ACTIVELabs request CVE from MITRE