CVE-2024-12227

MEDIUM

MSI Dragon Center <2.0.146.0 - Null Pointer Dereference

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-12227. PoCs published by HI0U.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2024-12227, a null pointer dereference vulnerability in MSI Dragon Center's NTIOLib_X64.sys driver. The PoC triggers a BSOD by sending a crafted IOCTL request to the driver, which fails to check the return value of MmMapIoSpace before calling MmUnmapIoSpace.

Description

A vulnerability, which was classified as problematic, was found in MSI Dragon Center up to 2.0.146.0. This affects the function MmUnMapIoSpace in the library NTIOLib_X64.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. Upgrading to version 2.0.148.0 is able to address this issue. It is recommended to upgrade the affected component.

Exploits (1)

nomisec WORKING POC 1 stars

by HI0U · poc

https://github.com/HI0U/POC-CVE-2024-12227

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2024-12227, a null pointer dereference vulnerability in MSI Dragon Center's NTIOLib_X64.sys driver. The PoC triggers a BSOD by sending a crafted IOCTL request to the driver, which fails to check the return value of MmMapIoSpace before calling MmUnmapIoSpace.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: MSI Dragon Center NTIOLib_X64.sys v3.0.0.10

No auth needed

Prerequisites: Windows 10/11 · MSI Dragon Center with NTIOLib_X64.sys v3.0.0.10 · Python 3.x

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5

Core References

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.286959

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.286959

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.456017

Various Sources related

https://shareforall.notion.site/MSI-Dragon-Center-NTIOLib_X64-0xC3506104-MmMapIoSpace-DOS-15160437bb1e801daf58d4aea052970e

Various Sources broken-link patch

https://www.msi.com/Landing/dragon-center-download/nb

Scores

CVSS v3 5.5

EPSS 0.0018

EPSS Percentile 8.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-404 CWE-476

Status published

Products (1)

MSI/Dragon Center 2.0.146

Published Dec 05, 2024

Tracked Since Feb 18, 2026