WindowsKernelVuln/CVE-2023-1679/

DriverGenius, mydrivers64.sys, Read/Write Arbitrary Physical Memory

Vulnerability Info

Version

Impact

Read/Write Arbitrary Physical Memory

Description

Through IoControlCode 0x9C406104 and 0x9C40A108, a normal user can read and write arbitrary physical memory, which can lead to escalation of privilege or code execution in the kernel.
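For triage, the two control codes above can be split into their CTL_CODE fields. This is an added example, not code from this repository or from the PoC; the struct and function names are hypothetical, and only the two code values come from the description.

```c
#include <stdint.h>
#include <stdio.h>

/* CTL_CODE layout: DeviceType[31:16] | Access[15:14] | Function[13:2] | Method[1:0] */
typedef struct {
    uint32_t device_type;
    uint32_t access;
    uint32_t function;
    uint32_t method;
} ioctl_fields; /* hypothetical name, added for this example */

ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device_type = code >> 16;
    f.access      = (code >> 14) & 0x3;
    f.function    = (code >> 2) & 0xFFF;
    f.method      = code & 0x3;
    return f;
}

const char *access_name(uint32_t a) {
    static const char *names[] = { "FILE_ANY_ACCESS", "FILE_READ_ACCESS",
        "FILE_WRITE_ACCESS", "FILE_READ_ACCESS|FILE_WRITE_ACCESS" };
    return names[a & 0x3];
}

const char *method_name(uint32_t m) {
    static const char *names[] = { "METHOD_BUFFERED", "METHOD_IN_DIRECT",
        "METHOD_OUT_DIRECT", "METHOD_NEITHER" };
    return names[m & 0x3];
}

/* Device types >= 0x8000 and function codes >= 0x800 are vendor-defined,
   so the handler behind them is the driver's own code, not a system one. */
int is_vendor_defined(ioctl_fields f) {
    return f.device_type >= 0x8000 && f.function >= 0x800;
}

int main(void) {
    /* The two control codes named in the description above. */
    const uint32_t codes[] = { 0x9C406104u, 0x9C40A108u };
    for (size_t i = 0; i < sizeof codes / sizeof codes[0]; i++) {
        ioctl_fields f = decode_ioctl(codes[i]);
        printf("0x%08X device=0x%04X function=0x%03X %s %s vendor=%d\n",
               (unsigned)codes[i], (unsigned)f.device_type, (unsigned)f.function,
               method_name(f.method), access_name(f.access), is_vendor_defined(f));
    }
    return 0;
}
```

The access field only states which access the caller's handle must have been opened with; it does not limit which users can open the device, so the device object's ACL is the control to review when assessing exposure.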

Reproduce

The attached file ReadWriteArbitraryPhysicalMemory.zip contains ReadWriteArbitraryPhysicalMemory.exe, ReadWriteArbitraryPhysicalMemory.cpp, DGSetup_Home_BZNR.exe, and mydrivers64.sys. ReadWriteArbitraryPhysicalMemory.exe is the PoC that reads and writes physical memory on a system where DGSetup_Home_BZNR.exe, which contains the vulnerable driver mydrivers64.sys, is installed. ReadWriteArbitraryPhysicalMemory.cpp is the source code of ReadWriteArbitraryPhysicalMemory.exe.

To reproduce the issue, install DGSetup_Home_BZNR.exe and execute ReadWriteArbitraryPhysicalMemory.exe. The expected result is that the physical memory at address 0 is read, written with 0xdeadbeef, then read again to show the new value.

Password for attachment: ReadWriteArbitraryPhysicalMemory

https://drive.google.com/file/d/1Iz4VTUUVDveZlgtxN9WkvdygHkD1BUCr/view?usp=sharing