CVE-2025-70616

HIGH

Wincor Nixdorf wnBios64.sys 1.2.0.0 - Buffer Overflow

Title source: llm

Description

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer (Src[40]) using memmove. An attacker with local access can exploit this vulnerability by sending a crafted IOCTL request with Options > 40, causing a stack buffer overflow that may lead to kernel code execution, local privilege escalation, or denial of service (system crash). Additionally, the same IOCTL handler can leak kernel addresses and other sensitive stack data when reading beyond the buffer boundaries.

References (1)

Core 1

Core References

Various Sources

https://github.com/250wuyifan/wnBios64-CVE

View Writeup ZIP pw:eip

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 4.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-121

Status published

Products (1)

dieboldnixdorf/wnbios64.sys 1.2.0.0

Published Mar 05, 2026

Tracked Since Mar 06, 2026