CVE-2024-12227

MEDIUM

MSI Dragon Center <2.0.146.0 - Null Pointer Dereference

Title source: llm

Description

A vulnerability, which was classified as problematic, was found in MSI Dragon Center up to 2.0.146.0. This affects the function MmUnMapIoSpace in the library NTIOLib_X64.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. Upgrading to version 2.0.148.0 is able to address this issue. It is recommended to upgrade the affected component.

Exploits (1)

nomisec WORKING POC 1 stars

by HI0U · poc

https://github.com/HI0U/POC-CVE-2024-12227

View Code ZIP pw:eip

References (5)

[Permissions Required, VDB Entry] https://vuldb.com/?id.286959

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.286959

[Permissions Required, VDB Entry] https://vuldb.com/?submit.456017

[Various Sources] https://shareforall.notion.site/MSI-Dragon-Center-NTIOLib_X64-0xC3506104-MmMapIoSpace-DOS-15160437bb1e801daf58d4aea052970e

[Various Sources] https://www.msi.com/Landing/dragon-center-download/nb

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 15.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-404 CWE-476

Status published

Products (1)

MSI/Dragon Center 2.0.146

Published Dec 05, 2024

Tracked Since Feb 18, 2026