MSI Afterburner v4.6.5.16370 - DoS
4.4
Medium
Discovered by
Offensive Team, Fluid Attacks
Summary
Full name
MSI Afterburner v4.6.5.16370 - Denial of Service
Code name
State
Public
Release date
Mar 6, 2024
Affected product
MSI Afterburner
Vendor
Micro-Star INT'L CO.
Affected version(s)
Version 4.6.5.16370
Vulnerability name
Denial of Service (DoS)
Vulnerability type
Remotely exploitable
No
CVSS v3.0 vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVSS v3.0 base score
4.4
Exploit available
Yes
CVE ID(s)
Description
MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002000 IOCTL code of the RTCore64.sys driver.
Vulnerability
The 0x80002000 IOCTL code of the RTCore64.sys driver allows to perform a Denial of Service, leading to a BSOD of the affected computer caused by a NULL pointer dereference. The handle to the driver can only be obtained from a high integrity process.
The prologue of the vulnerable function sub_11150 is:
At [1] value of second parameter on RDX register is assigned to RDI. The second parameter is a pointer to the SystemBuffer obtained from the IRP object (pIrp->AssociatedIrp.SystemBuffer) and it's controlled by the attacker in the lpInBuffer value on the IOCTL request call. At [2] the value is dereferenced without checking if it's a valid memory address, which result in a NULL pointer dereference when the attacker sends a NULL lpInputBuffer value:
Our security policy
We have reserved the ID CVE-2024-1443 to refer to this issue from now on. Disclosure policy
System Information
Version: MSI Afterburner v4.6.5.16370
Operating System: Windows
Mitigation
The vendor published a the version 4.6.6 Beta 4 Build 16449 fixing this vulnerability:
References
Timeline
Vulnerability discovered
Feb 8, 2024
Vulnerability patched
May 17, 2024
Vendor contacted
Feb 23, 2024
Public disclosure
Mar 6, 2024
