PhysMem(e): When Kernel Drivers Peek into Memory (CVE-2024-41498)
A vulnerability tracked as CVE-2024-41498 in the Windows driver IOMap64.sys, discovered by RevEng.AI researchers, allows unauthorized reading and writing of the entire system memory. The vulnerability is significant because it can be abused in Bring Your Own Vulnerable Driver (BYOVD) attacks, potentially granting an attacker kernel privileges. The driver, signed by ASUS, was found to contain exploitable software faults in how it handles I/O request packets (IRPs) and device control (IOCTL) operations. The researchers developed a proof of concept that initially caused system crashes, but these issues were eventually resolved. The study concludes with indicators of compromise and a YARA rule to detect the vulnerable driver, highlighting the critical importance of secure driver development and the risk posed by seemingly minor coding errors.