GermanAizek / WinRing0

WinRing0 is a hardware access library for Windows.
GNU General Public License v3.0
285 stars 69 forks source link

Handle the CVE, regarding Avast/AVG detections #9

Open PatrickSchmidtSE opened 1 year ago

PatrickSchmidtSE commented 1 year ago

Currently all winRing0 drivers have an open CVE.

https://github.com/LibreHardwareMonitor/LibreHardwareMonitor/issues/984 https://www.cvedetails.com/cve/CVE-2020-14979/

Is this something, that could be adressed here?

GermanAizek commented 1 year ago

@SearchForTheCode, I didn't know about this, thank you so much for the information, I'll try to find out if there is this CVE in our sources. Is there no public POC exploit?

PatrickSchmidtSE commented 1 year ago

Youre welcome. To me the problem seems to lie in the access which should use the secure methods. image Also here (https://github.com/LibreHardwareMonitor/LibreHardwareMonitor/issues/984) they suggest to change the _PHYSICAL_MEMORY_SUPPORT .

They did not do it , because you probably need to sign the driver new, and this seems to be complicated :/

There is an article from 2019 on how to exploit, because HP used the driver on ALL notebooks .. https://www.safebreach.com/resources/hp-touchpoint-analytics-dll-search-order-hijacking-potential-abuses-cve-2019-6333/

GermanAizek commented 1 year ago

@SearchForTheCode, to sign driver, an EV certificate is required, it is unlikely that I will be able to get it, since I am not a legal entity. But I am able to fix this CVE.

PatrickSchmidtSE commented 1 year ago

Yes, thats sadly true. Hard restrictions from MS here.