CVE-2025-70616

{"id": "CVE-2025-70616", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2026-03-05T19:16:02.010", "references": [{"url": "https://github.com/250wuyifan/wnBios64-CVE", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer (Src[40]) using memmove. An attacker with local access can exploit this vulnerability by sending a crafted IOCTL request with Options > 40, causing a stack buffer overflow that may lead to kernel code execution, local privilege escalation, or denial of service (system crash). Additionally, the same IOCTL handler can leak kernel addresses and other sensitive stack data when reading beyond the buffer boundaries."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer de pila en el controlador del kernel Wincor Nixdorf wnBios64.sys (versi\u00f3n 1.2.0.0) en el gestor IOCTL para el c\u00f3digo 0x80102058. La vulnerabilidad es causada por la falta de comprobaci\u00f3n de l\u00edmites en el par\u00e1metro Options controlado por el usuario antes de copiar datos en un b\u00fafer de pila de 40 bytes (Src[40]) usando memmove. Un atacante con acceso local puede explotar esta vulnerabilidad enviando una solicitud IOCTL manipulada con Options > 40, causando un desbordamiento de b\u00fafer de pila que puede conducir a la ejecuci\u00f3n de c\u00f3digo del kernel, escalada de privilegios local o denegaci\u00f3n de servicio (ca\u00edda del sistema). Adem\u00e1s, el mismo gestor IOCTL puede filtrar direcciones del kernel y otros datos sensibles de la pila al leer m\u00e1s all\u00e1 de los l\u00edmites del b\u00fafer."}], "lastModified": "2026-03-10T19:41:39.053", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dieboldnixdorf:wnbios64.sys:1.2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA6D0C47-69D0-4943-8E01-3954C50C3215"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}