CVE-2021-44852

HIGH

Biostar RACING GT Evo <2.1.1905.1700 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-44852. PoCs published by CrackerCat.

AI-analyzed exploit summary This exploit targets CVE-2021-44852, a vulnerability in BS_RCIO64.sys allowing arbitrary physical memory access and code execution via IOCTL calls. The PoC includes shellcode to escalate privileges by modifying the SYSTEM process token.

Description

An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000.

Exploits (1)

nomisec WORKING POC 1 stars

by CrackerCat · poc

https://github.com/CrackerCat/CVE-2021-44852

View Code ZIP pw:eip

This exploit targets CVE-2021-44852, a vulnerability in BS_RCIO64.sys allowing arbitrary physical memory access and code execution via IOCTL calls. The PoC includes shellcode to escalate privileges by modifying the SYSTEM process token.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Biostar RACING GT Evo 2.1.1905.1700 (BS_RCIO64.sys)

No auth needed

Prerequisites: Windows 7 SP1 x64-86 · Low-integrity process access to the driver's device object

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://nephosec.com/biostar-exploit/

Scores

CVSS v3 7.8

EPSS 0.0186

EPSS Percentile 83.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

biostar/racing_gt_evo 2.1.1905.1700

Published Jan 01, 2022

Tracked Since Feb 18, 2026