CVE-2026-57851
Micro-Star International (MSI) · KernCoreLib64.sys
A local privilege escalation vulnerability exists in the MSI KernCoreLib64.sys kernel driver due to insufficient access control on exposed IOCTL handlers.
Executive summary
A critical local privilege escalation vulnerability in the MSI KernCoreLib64.sys driver allows unprivileged users to gain kernel-level access and compromise system security.
Vulnerability
This vulnerability involves an exposed IOCTL handler (CWE-782) that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations. By interacting with these handlers, an attacker can manipulate kernel objects, bypass security protections, and disable security software without requiring administrative privileges.
Business impact
The CVSS score of 7.8 (High) reflects the significant risk of full system compromise. Because this vulnerability allows an attacker to escalate privileges to the kernel level, it enables the total bypass of endpoint protection, potential exfiltration of sensitive data, and the ability to maintain persistent unauthorized access. The capability to disable security software poses a severe threat to the integrity and confidentiality of the entire host environment.
Remediation
Immediate Action: There is no specific patch version provided; monitor the vendor’s official support channels for an updated driver release and apply it immediately upon availability.
Proactive Monitoring: Audit system logs for unusual device driver interactions or unauthorized attempts to access low-level kernel memory interfaces.
Compensating Controls: Restrict local user permissions where possible and ensure endpoint detection and response (EDR) solutions are configured to monitor for suspicious kernel-mode activity or unauthorized privilege escalation attempts.
Exploitation status
Public Exploit Available: true
Analyst recommendation
Due to the severity of a kernel-level privilege escalation and the availability of public exploit code, this vulnerability should be treated with high urgency. Administrators must prioritize identifying systems running the affected MSI driver and apply vendor-supplied updates as soon as they are released to prevent potential system compromise.