CVE-2021-44852

HIGH

Biostar RACING GT Evo <2.1.1905.1700 - Code Injection

Title source: llm

Description

An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000.

Exploits (3)

nomisec WORKING POC 1 stars

by CrackerCat · poc

https://github.com/CrackerCat/CVE-2021-44852

View Code ZIP pw:eip

inthewild

poc

https://github.com/expflash/cve-2021-44852

View on inthewild

inthewild

poc

https://github.com/exploitables/cve-2021-44852

View on inthewild

References (1)

[Exploit, Third Party Advisory] https://nephosec.com/biostar-exploit/

Scores

CVSS v3 7.8

EPSS 0.0186

EPSS Percentile 83.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

biostar/racing_gt_evo 2.1.1905.1700

Published Jan 01, 2022

Tracked Since Feb 18, 2026