CVE-2018-8060

low-risk
Published 2018-05-10

HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send an IOCTL to the device driver. If input and/or output buffer pointers are NULL or if these buffers' data are invalid, a NULL/invalid pointer access occurs, resulting in a Windows kernel panic aka Blue Screen. This affects IOCTLs higher than 0x85FE2600 with the HWiNFO32 symbolic device name.

Do I need to act?

-
0.80% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Amd64 Kernel Driver

Affected Vendors

Hwinfo

References (2)

Exploit https://github.com/otavioarj/SIOCtl
Exploit https://github.com/otavioarj/SIOCtl
26
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 3/34 · Minimal
Exposure 5/34 · Minimal