CVE-2020-14979

HIGH EXPLOITED

EVGA Precision X1 <1.0.6 - Memory Corruption

Title source: llm

Description

The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users, including low integrity processes, to read and write to arbitrary memory locations. This allows any user to gain NT AUTHORITY\SYSTEM privileges by mapping \Device\PhysicalMemory into the calling process.

Exploits (1)

nomisec WRITEUP

by hexatriene · poc

https://github.com/hexatriene/nuc-winring0-fix

View Code ZIP pw:eip

References (2)

[Third Party Advisory] https://posts.specterops.io/cve-2020-14979-local-privilege-escalation-in-evga-precisionx1-cf63c6b95896

[Product, Vendor Advisory] https://www.evga.com/precisionx1/

Scores

CVSS v3 7.8

EPSS 0.0039

EPSS Percentile 59.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-11-06

Status published

Products (2)

evga/precision_x1 < 1.0.6

winring0_project/winring0 1.2.0

Published Aug 11, 2020

Tracked Since Feb 18, 2026