An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x80112084 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.

Information disclosure while parsing the OCI IE with invalid length.

Memory corruption while handling IOCTL call from user-space to set latency level.

Memory corruption while taking a snapshot with hardware encoder due to unvalidated userspace buffer.

Memory corruption while configuring a Hypervisor based input virtual device.

Memory corruption while parsing the memory map info in IOCTL calls.

Information disclosure during audio playback.

Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.

Memory corruption when IOCTL call is invoked from user-space to read board data.

Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver.