{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-31096","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2024-09-19T14:04:25.042Z","dateReserved":"2023-04-24T00:00:00.000Z","datePublished":"2023-10-10T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2023-10-10T18:05:34.641Z"},"descriptions":[{"lang":"en","value":"An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM. This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver) ransomware campaigns."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"url":"https://www.broadcom.com"},{"url":"https://cschwarz1.github.io/posts/0x04/"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T14:45:25.772Z"},"title":"CVE Program Container","references":[{"url":"https://www.broadcom.com","tags":["x_transferred"]},{"url":"https://cschwarz1.github.io/posts/0x04/","tags":["x_transferred"]}]},{"affected":[{"vendor":"broadcom","product":"lsi_pci-sv92ex_firmware","cpes":["cpe:2.3:o:broadcom:lsi_pci-sv92ex_firmware:2.2.100.1:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"2.2.100.1","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-19T14:02:57.765231Z","id":"CVE-2023-31096","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-19T14:04:25.042Z"}}]}}