
Handle the CVE, regarding Avast/AVG detections

Open PatrickSchmidtSE opened this issue 1 year ago • 4 comments

Currently all winRing0 drivers have an open CVE.

https://github.com/LibreHardwareMonitor/LibreHardwareMonitor/issues/984
https://www.cvedetails.com/cve/CVE-2020-14979/

Is this something that could be addressed here?

PatrickSchmidtSE, May 09 '23 12:05

@SearchForTheCode, I didn't know about this. Thank you so much for the information; I'll try to find out whether this CVE is present in our sources. Is there no public PoC exploit?

GermanAizek, May 09 '23 13:05

You're welcome. To me the problem seems to lie in the access, which should use the secure methods. Also here (https://github.com/LibreHardwareMonitor/LibreHardwareMonitor/issues/984) they suggest changing the _PHYSICAL_MEMORY_SUPPORT.

They did not do it, because you probably need to sign the driver anew, and this seems to be complicated :/

There is an article from 2019 on how to exploit it, because HP used the driver on ALL notebooks: https://www.safebreach.com/resources/hp-touchpoint-analytics-dll-search-order-hijacking-potential-abuses-cve-2019-6333/

PatrickSchmidtSE, May 09 '23 13:05

@SearchForTheCode, to sign the driver, an EV certificate is required. It is unlikely that I will be able to get one, since I am not a legal entity. But I am able to fix this CVE.

GermanAizek, May 16 '23 17:05

Yes, that's sadly true. Hard restrictions from MS here.

PatrickSchmidtSE, May 22 '23 05:05