Crucial by Micron Technology, Inc Ballistix MOD Utility v.<= 220.127.116.11 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the
MODAPI.sys driver component.
All the vulnerabilities are triggered by sending specific IOCTL requests and will allow to:
- Directly interact with physical memory via the
MmMapIoSpacefunction call, mapping physical memory into a virtual address user-space.
- Read/write Model-Specific Registers (MSRs) via the
- Read/write 1/2/4 bytes to or from an IO port.
Attackers could exploit these issues to achieve local privilege escalation from low-privileged users to