Local Privilege Escalation Vulnerability in Broadcom LSI Soft Modem Driver
CVE-2023-31096

7.8HIGH

Key Information:

Vendor: Broadcom
Status: Lsi Pci-sv92ex Firmware
Vendor: CVE Published:; 10 October 2023

What is CVE-2023-31096?

A vulnerability exists in the Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver that allows an attacker to escalate privileges to the SYSTEM level via a stack overflow condition in RTLCopyMemory. This flaw enables exploitation from a medium-integrity process, which can circumvent kernel-level protections, including antivirus and protected process light (PPL) measures. The elevated privileges gained can be utilized in orchestrated ransomware attacks, particularly through bring-your-own-vulnerable-driver (BYOVD) tactics.

References

https://www.broadcom.com

https://cschwarz1.github.io/posts/0x04/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2023
Vulnerability Reserved
Apr 24, 2023