HWiNFO AMD64 Kernel Driver up to 8.98 null pointer dereference

Summaryinfo

A vulnerability described as critical has been identified in HWiNFO AMD64 Kernel Driver up to 8.98. Affected is an unknown function. Executing a manipulation can lead to null pointer dereference. This vulnerability is handled as CVE-2018-8060. It is possible to launch the attack on the local host. There is not any exploit available.

Detailsinfo

A vulnerability was found in HWiNFO AMD64 Kernel Driver up to 8.98 (Hardware Driver Software). It has been declared as critical. This vulnerability affects an unknown code block. The manipulation with an unknown input leads to a null pointer dereference vulnerability. The CWE definition for the vulnerability is CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. As an impact it is known to affect availability. CVE summarizes:

HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send an IOCTL to the device driver. If input and/or output buffer pointers are NULL or if these buffers' data are invalid, a NULL/invalid pointer access occurs, resulting in a Windows kernel panic aka Blue Screen. This affects IOCTLs higher than 0x85FE2600 with the HWiNFO32 symbolic device name.

The bug was discovered 03/11/2018. The weakness was released 05/10/2018 (Website). The advisory is shared for download at github.com. This vulnerability was named CVE-2018-8060 since 03/11/2018. The exploitation appears to be easy. The attack needs to be approached locally. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available.

The vulnerability was handled as a non-public zero-day exploit for at least 59 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Entry connected to this vulnerability is available at VDB-117557. Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Hardware Driver Software

Vendor

• HWiNFO

Name

• AMD64 Kernel Driver

Version

• 8.0
• 8.1
• 8.2
• 8.3
• 8.4
• 8.5
• 8.6
• 8.7
• 8.8
• 8.9
• 8.10
• 8.11
• 8.12
• 8.13
• 8.14
• 8.15
• 8.16
• 8.17
• 8.18
• 8.19
• 8.20
• 8.21
• 8.22
• 8.23
• 8.24
• 8.25
• 8.26
• 8.27
• 8.28
• 8.29
• 8.30
• 8.31
• 8.32
• 8.33
• 8.34
• 8.35
• 8.36
• 8.37
• 8.38
• 8.39
• 8.40
• 8.41
• 8.42
• 8.43
• 8.44
• 8.45
• 8.46
• 8.47
• 8.48
• 8.49
• 8.50
• 8.51
• 8.52
• 8.53
• 8.54
• 8.55
• 8.56
• 8.57
• 8.58
• 8.59
• 8.60
• 8.61
• 8.62
• 8.63
• 8.64
• 8.65
• 8.66
• 8.67
• 8.68
• 8.69
• 8.70
• 8.71
• 8.72
• 8.73
• 8.74
• 8.75
• 8.76
• 8.77
• 8.78
• 8.79
• 8.80
• 8.81
• 8.82
• 8.83
• 8.84
• 8.85
• 8.86
• 8.87
• 8.88
• 8.89
• 8.90
• 8.91
• 8.92
• 8.93
• 8.94
• 8.95
• 8.96
• 8.97
• 8.98

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion