CVE-2026-57851

Summary

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator privileges. Attackers can exploit the accessible device object through IOCTL handlers to manipulate kernel objects, tamper with kernel-mode callbacks, bypass Protected Process Light protections, and disable security software.

Affected Software

VendorProductVersion RangeStatus
Micro-Star International (MSI)KernCoreLib64.sysphysical memoryaffected
Micro-Star International (MSI)KernCoreLib64.sysI/O portsaffected

Weaknesses

  • CWE-782: Exposed IOCTL with Insufficient Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References