CVE-2021-41285

HIGH EXPLOITED

Ballistix MOD Utility <2.0.2.5 - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2021-41285 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-privileged users to directly interact with physical memory via the MmMapIoSpace function call (mapping physical memory into a virtual address space). Attackers could exploit this issue to achieve local privilege escalation to NT AUTHORITY\SYSTEM.

Scores

CVSS v3: 7.8
EPSS: 0.0052
EPSS Percentile: 40.2%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV: 2024-11-06
Status: published
Products (1): micron/ballistix_memory_overview_display_utility < 2.0.2.5
Published: Oct 04, 2021
Tracked Since: Feb 18, 2026