CVE-2019-18845

HIGH

Patriot Viper RGB <1.1 - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-18845. PoCs published by fengjixuchui.

AI-analyzed exploit summary The repository contains a functional exploit for CVE-2019-18845, which leverages arbitrary kernel physical memory read/write via the MsIo64.sys/MsIo32.sys drivers in Patriot Viper RGB software. The exploit demonstrates the vulnerability by sending crafted IOCTL requests to the driver, though the full memory manipulation logic is not fully implemented in the provided code.

Description

The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.

Exploits (1)

nomisec WORKING POC 2 stars
by fengjixuchui · poc
https://github.com/fengjixuchui/CVE-2019-18845

The repository contains a functional exploit for CVE-2019-18845, which leverages arbitrary kernel physical memory read/write via the MsIo64.sys/MsIo32.sys drivers in Patriot Viper RGB software. The exploit demonstrates the vulnerability by sending crafted IOCTL requests to the driver, though the full memory manipulation logic is not fully implemented in the provided code.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Theoretical
Target: Patriot Viper RGB before 1.1
No auth needed
Prerequisites: Local access to the system · Presence of vulnerable MsIo64.sys/MsIo32.sys drivers
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 7.1
EPSS 0.0009
EPSS Percentile 25.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-269
Status published
Products (1)
patriotmemory/viper_rgb_firmware 1.0
Published Nov 09, 2019
Tracked Since Feb 18, 2026