CVE-2018-8060

MEDIUM

HWiNFO AMD64 Kernel driver <8.98 - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-8060. PoCs published by otavioarj.

AI-analyzed exploit summary This repository contains a generic IOCTL dispatcher PoC for CVE-2018-8060 and CVE-2018-8061, targeting the HWiNFO AMD64 Kernel driver. The exploit triggers a kernel panic (BSOD) by sending malformed IOCTL requests with null/invalid buffer pointers.

Description

HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send an IOCTL to the device driver. If input and/or output buffer pointers are NULL or if these buffers' data are invalid, a NULL/invalid pointer access occurs, resulting in a Windows kernel panic aka Blue Screen. This affects IOCTLs higher than 0x85FE2600 with the HWiNFO32 symbolic device name.

Exploits (1)

nomisec WORKING POC 5 stars

by otavioarj · poc

https://github.com/otavioarj/SIOCtl

View Code ZIP pw:eip

This repository contains a generic IOCTL dispatcher PoC for CVE-2018-8060 and CVE-2018-8061, targeting the HWiNFO AMD64 Kernel driver. The exploit triggers a kernel panic (BSOD) by sending malformed IOCTL requests with null/invalid buffer pointers.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: HWiNFO AMD64 Kernel driver version 8.98 and lower

No auth needed

Prerequisites: Access to the target system with the vulnerable HWiNFO driver installed

MITRE ATT&CK

T1499.004 - Application or System Exploitation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/otavioarj/SIOCtl

Scores

CVSS v3 5.5

EPSS 0.0055

EPSS Percentile 42.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (1)

hwinfo/amd64_kernel_driver < 8.98

Published May 10, 2018

Tracked Since Feb 18, 2026