Share
## https://sploitus.com/exploit?id=AF2FFCEF-94F8-5C7C-94A2-B6EA88FD9A7B
# CVE-2021-21551
Proof of concept exploit for CVE-2021-21551, vulnerability comes from user provided addresses being provided as arguments to a memmove call allowing for an arbitary read/write (ioctls 0x9B0C1EC4 and 0x9B0C1EC8)  as well as the physical address parameter for a MmMapIoSpace call that provides another arbitary read/write (ioctls 0x9B0C1F40 and 0x9B0C1F44)

![Pasted image 20240802160935](https://github.com/user-attachments/assets/4c1cebe4-b4bf-48ec-b5a8-cc7643bd2ff4)