{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-15T00:00:00", "descriptions": [{"lang": "en", "value": "In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on the system (Windows), including sandboxed users, can issue an ioctl to this driver without any validation. Furthermore, the driver can map any physical page on the system and returns the allocated map page address to the user: that results in an information leak and EoP. NOTE: the vendor indicates that the arbitrary read itself is intentional behavior (for ACPI scan functionality); the security issue is the lack of an ACL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-16T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/akayn/Bugs/blob/master/CPUID/CVE-2017-15302/README.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15302", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on the system (Windows), including sandboxed users, can issue an ioctl to this driver without any validation. Furthermore, the driver can map any physical page on the system and returns the allocated map page address to the user: that results in an information leak and EoP. NOTE: the vendor indicates that the arbitrary read itself is intentional behavior (for ACPI scan functionality); the security issue is the lack of an ACL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/akayn/Bugs/blob/master/CPUID/CVE-2017-15302/README.md", "refsource": "MISC", "url": "https://github.com/akayn/Bugs/blob/master/CPUID/CVE-2017-15302/README.md"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:50:16.499Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/akayn/Bugs/blob/master/CPUID/CVE-2017-15302/README.md"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15302", "datePublished": "2017-10-16T01:00:00", "dateReserved": "2017-10-14T00:00:00", "dateUpdated": "2024-08-05T19:50:16.499Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cpuid:cpu-z:*:*:*:*:*:windows:*:*", "matchCriteriaId": "3862479F-3E2F-444B-A942-C6EBAE876E3D", "versionEndIncluding": "1.81", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on the system (Windows), including sandboxed users, can issue an ioctl to this driver without any validation. Furthermore, the driver can map any physical page on the system and returns the allocated map page address to the user: that results in an information leak and EoP. NOTE: the vendor indicates that the arbitrary read itself is intentional behavior (for ACPI scan functionality); the security issue is the lack of an ACL."}, {"lang": "es", "value": "En CPUID CPU-Z hasta la versi\u00f3n 1.81, hay derechos de acceso incorrectos al controlador del modo kernel (ej.: cpuz143_x64.sys para la versi\u00f3n 1.43) que pueden dar como resultado una revelaci\u00f3n de informaci\u00f3n o una elevaci\u00f3n de privilegios, debido a una lectura arbitraria de cualquier direcci\u00f3n f\u00edsica mediante una llamada IOCTL 0x9C402604. Cualquier aplicaci\u00f3n que se ejecute en el sistema (Windows), incluidos los usuarios en sandbox, puede realizar una llamada IOCTL a este controlador sin ninguna validaci\u00f3n. Adem\u00e1s, el controlador puede asignar cualquier p\u00e1gina f\u00edsica en el sistema y devolver al usuario la direcci\u00f3n de la p\u00e1gina de asignaci\u00f3n asignada. Esto desemboca en una revelaci\u00f3n de informaci\u00f3n y una elevaci\u00f3n de privilegios. NOTA: el fabricante indica que la lectura arbitraria en s\u00ed es un comportamiento intencionado (para la funcionalidad de escaneo ACPI). El problema de seguridad es la falta de una lista de control de acceso o ACL."}], "id": "CVE-2017-15302", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-16T01:29:00.937", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/akayn/Bugs/blob/master/CPUID/CVE-2017-15302/README.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/akayn/Bugs/blob/master/CPUID/CVE-2017-15302/README.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}