CVE-2017-15303

Name: CVE-2017-15303
Creator: NVD / NIST
Published: 2017-10-16T01:29:00.967+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.53%

Last modified Jun 17, 2026

CVE-2017-15303 is a vulnerability of currently unknown severity. In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine (while CPU-Z is running) can issue an ioctl 0x9C402430 call to the kernel-mode driver (e.g., cpuz141_x64.sys for version 1.41).. EPSS estimates a 1.53% chance of exploitation in the next 30 days.

Description

In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine (while CPU-Z is running) can issue an ioctl 0x9C402430 call to the kernel-mode driver (e.g., cpuz141_x64.sys for version 1.41).

Metrics

EPSS Probability

1.53%

71.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-787

Affected Software

Vendor	Product	Versions
Cpuid	Cpu-Z	<= 1.42

References

https://github.com/akayn/Bugs/blob/master/CPUID/CVE-2017-15303/README.mdThird Party Advisory
https://github.com/akayn/Bugs/blob/master/CPUID/CVE-2017-15303/README.mdThird Party Advisory

Timeline

Published: Oct 16, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-15303?

How severe is CVE-2017-15303?

Severity scoring for CVE-2017-15303 is pending analysis. The EPSS model estimates a 1.53% probability of exploitation in the next 30 days.

How do I fix CVE-2017-15303?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-15303?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST