CVE-2020-14979

HIGH EXPLOITED

EVGA Precision X1 <1.0.6 - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2020-14979 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including hexatriene.

AI-analyzed exploit summary This repository provides a detailed guide and PowerShell scripts to permanently remove or block the vulnerable Intel NUC WinRing0 driver (CVE-2020-14979) by disabling the ACPI device or blocking driver updates via Group Policy.

Description

The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users, including low integrity processes, to read and write to arbitrary memory locations. This allows any user to gain NT AUTHORITY\SYSTEM privileges by mapping \Device\PhysicalMemory into the calling process.

Exploits (1)

nomisec WRITEUP
by hexatriene · poc
https://github.com/hexatriene/nuc-winring0-fix

This repository provides a detailed guide and PowerShell scripts to permanently remove or block the vulnerable Intel NUC WinRing0 driver (CVE-2020-14979) by disabling the ACPI device or blocking driver updates via Group Policy.

Classification
Writeup 100%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Intel NUC Software Studio Service (OpenHardwareMonitorLib.sys)
Auth required
Prerequisites: Administrator privileges · Intel NUC Performance Driver installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Product, Vendor Advisory x_refsource_misc
https://www.evga.com/precisionx1/

Scores

CVSS v3 7.8
EPSS 0.0060
EPSS Percentile 44.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-11-06
Status published
Products (2)
evga/precision_x1 < 1.0.6
winring0_project/winring0 1.2.0
Published Aug 11, 2020
Tracked Since Feb 18, 2026