CVE-2022-3699 PoC — Lenovo Diagnostics 缓冲区错误漏洞

Source

https://github.com/Eap2468/CVE-2022-3699

Associated Vulnerability

Title:Lenovo Diagnostics 缓冲区错误漏洞 (CVE-2022-3699)
Description: A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges.

Description

Proof of Concept exploit for CVE-2022-3699

Readme

# CVE-2022-3699
Proof of Concept exploit for CVE-2022-3699

Exploit tested on Windows 10 22H2 build 19045.4651 and build 19045.3803

Vulnerability deals with allowing unprivileged users to access functionality that lets you read and write from physical memory from the instance of the kernel, however since the primitives deal with physical memory there's a bit of extra work needed to weaponize it

Stole the idea for getting the virtual read primitive from alfarom256 who got it from ch3rn0byl

![image](https://github.com/user-attachments/assets/20cbf2a5-85c4-4e7e-a807-ccadd12b2ca8)

File Snapshot


 [4.0K]  /data/pocs/d4b96c26a507a84eb1218b0728d6cad06ec9837a
├── [4.0K]  CVE-2022-3699
│   ├── [6.6K]  CVE-2022-3699.vcxproj
│   ├── [ 977]  CVE-2022-3699.vcxproj.filters
│   ├── [ 168]  CVE-2022-3699.vcxproj.user
│   └── [ 10K]  Main.cpp
├── [1.4K]  CVE-2022-3699.sln
└── [ 587]  README.md

1 directory, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!