CVE-2021-27965

CRITICAL

MSI Dragon Center <2.0.98.0 - Privilege Escalation

Title source: llm

Description

The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request.

Exploits (3)

nomisec WORKING POC 12 stars

by mathisvickie · poc

https://github.com/mathisvickie/CVE-2021-27965

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by fengjixuchui · poc

https://github.com/fengjixuchui/CVE-2021-27965

View Code ZIP pw:eip

nomisec WORKING POC

by Jeromeyoung · poc

https://github.com/Jeromeyoung/CVE-2021-27965

View Code ZIP pw:eip

References (2)

[Broken Link, Third Party Advisory] https://github.com/kronl/cve/tree/master/MSI_Dragon_Center

[Patch, Vendor Advisory] https://www.microsoft.com/en-us/p/msi-dragon-center/9nh7n2bv1cqq?activetab=pivot:overviewtab

Scores

CVSS v3 9.8

EPSS 0.1598

EPSS Percentile 94.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-120

Status published

Products (1)

msi/dragon_center < 2.0.98.0

Published Mar 05, 2021

Tracked Since Feb 18, 2026