An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000.# CVE-2021-44852
An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000.
I recall conducting research on this particular vulnerability, considering it impossible to exploit. Well, that analysis would have been true if I was analyzing the correct function for IO control codes. Needless to say, I could not have been any more wrong.
This will become a functional exploit by tomorrow afternoon.
[4.0K] /data/pocs/641e052c9319ff1d8f30b7baa626e361d768bae7
├── [4.0K] CVE-2021-44852
│ ├── [1.4K] CVE-2021-44852.sln
│ ├── [6.5K] CVE-2021-44852.vcxproj
│ ├── [1.2K] CVE-2021-44852.vcxproj.filters
│ ├── [2.0K] exploit.c
│ ├── [ 168] exploit.h
│ └── [ 441] shellcode.asm
└── [ 687] README.md
1 directory, 7 files