Home

Description

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator privileges. Attackers can exploit the accessible device object through IOCTL handlers to manipulate kernel objects, tamper with kernel-mode callbacks, bypass Protected Process Light protections, and disable security software.

PUBLISHED Reserved 2026-06-25 | Published 2026-07-07 | Updated 2026-07-09 | Assigner VulnCheck




HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Exposed IOCTL with Insufficient Access Control

Product status

Default status
affected

Any version
affected

Credits

Turan Doruk Cerit reporter

References

github.com/readmsr/MSI_FeatureManager_CVE (MSI_FeatureManager_CVE PoC - readmsr) exploit

www.vulncheck.com/...privilege-escalation-via-ioctl-handlers third-party-advisory

cve.org (CVE-2026-57851)

nvd.nist.gov (CVE-2026-57851)

Download JSON