CVE-2019-7245: 
TechPowerUp GPU-Z vulnerability analysis and mitigation

CVE-2019-7245 is a vulnerability discovered in TechPowerUp GPU-Z before version 2.23.0. The vulnerability was identified in the GPU-Z.sys driver component, which improperly exposes the wrmsr instruction via an IOCTL without properly validating the Model Specific Register (MSR). The issue was discovered in early 2019 and was fixed with the release of GPU-Z v2.23.0 (FireEye Advisory).

The vulnerability exists in IOCTL 0x8000644C of the GPU-Z driver, which allows modification of Model Specific Registers (MSRs) on the target system. The driver fails to properly filter access to critical MSRs, including registers 0xC0000081, 0xC0000082, 0xC0000083, 0x174, 0x175, and 0x176. These registers control various system functionalities, including the kernel mode system call handler. The vulnerability has been assigned a CVSS v3.1 base score of 7.2 (HIGH) with vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability allows attackers to overwrite the system call handler and execute arbitrary unsigned code in Ring-0 (kernel mode), effectively achieving privilege escalation. This level of access provides complete control over the affected system (FireEye Advisory).

The vulnerability has been fixed in GPU-Z version 2.23.0. Users are advised to upgrade to this version or later to mitigate the risk. The fix was released on August 6, 2019 (FireEye Advisory).