Vulnerabilities > CVE-2023-31096 - Out-of-bounds Write vulnerability in Broadcom LSI Pci-Sv92Ex Firmware 2.2.100.1

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

broadcom

CWE-787

NVD

Published: 2023-10-10

Updated: 2023-10-18

Summary

An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM. This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver) ransomware campaigns.

Vulnerable Configurations

Part	Description	Count
OS	Broadcom Broadcom LSI PCI Sv92Ex Firmware - Broadcom LSI PCI Sv92Ex Firmware 2.2.100.1	2
Hardware	Broadcom Broadcom LSI PCI Sv92Ex -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References