Strix
26.1K

CVE-2017-15302

UnknownEPSS 0.38%

Last modified

CVE-2017-15302 is a vulnerability of currently unknown severity. In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on the system (Windows), including sandboxed users, can issue an ioctl to this driver without any validation. EPSS estimates a 0.38% chance of exploitation in the next 30 days.

Description

In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on the system (Windows), including sandboxed users, can issue an ioctl to this driver without any validation. Furthermore, the driver can map any physical page on the system and returns the allocated map page address to the user: that results in an information leak and EoP. NOTE: the vendor indicates that the arbitrary read itself is intentional behavior (for ACPI scan functionality); the security issue is the lack of an ACL.

Metrics

EPSS Probability
0.38%

29.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
CpuidCpu-Z<= 1.81

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-15302?
In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on the system (Windows), including sandboxed users, can issue an ioctl to this driver without any validation. Furthermore, the driver can map any physical page on the system and returns the allocated map page address to the user: that results in an information leak and EoP. NOTE: the vendor indicates that the arbitrary read itself is intentional behavior (for ACPI scan functionality); the security issue is the lack of an ACL.
How severe is CVE-2017-15302?
Severity scoring for CVE-2017-15302 is pending analysis. The EPSS model estimates a 0.38% probability of exploitation in the next 30 days.
How do I fix CVE-2017-15302?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-15302?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST