Overview
CVE-2025-63602 identifies a critical vulnerability in Awesome Miner, versions up to and including 11.2.4. This vulnerability allows an unprivileged user to achieve arbitrary read and write access to kernel memory and Model-Specific Registers (MSRs), including the LSTAR register. This is due to the presence of an outdated and insecure version of WinRing0 (specifically version 1.2.0.5, renamed to IntelliBreeze.Maintenance.Service.sys) lacking a properly secured Discretionary Access Control List (DACL). This flaw enables unprivileged users to interact directly with the driver, effectively granting them control over the kernel. This can lead to local privilege escalation, information disclosure, denial of service, and other potentially severe consequences.
Technical Details
The core issue resides in the insecure implementation of WinRing0 within Awesome Miner. WinRing0 is a driver designed to provide user-mode access to hardware resources. However, the version bundled with Awesome Miner (IntelliBreeze.Maintenance.Service.sys, based on WinRing0 1.2.0.5) contains a critical flaw: its DACL is missing or improperly configured, so any unprivileged user account can communicate with the driver.
By interacting with the vulnerable driver, an attacker can craft specific requests to read or write directly to kernel memory. The ability to write to MSRs, particularly the LSTAR register (which controls the system call handler), allows an attacker to effectively hijack system calls. This hijacking enables the attacker to execute arbitrary code with kernel privileges, bypassing security restrictions and potentially taking complete control of the system.
CVSS Analysis
The CVSS score for CVE-2025-63602 is N/A, as a formal score has not yet been assigned at the time of this writing. However, based on the severity of the vulnerability (unprivileged kernel memory access), the score is expected to be high to critical. The attack vector is local, but the potential impact is extremely high due to the ability to gain complete system control.
Possible Impact
The impact of CVE-2025-63602 is significant and far-reaching:
- Local Privilege Escalation: An unprivileged user can gain complete system administrator privileges.
- Information Disclosure: Sensitive kernel memory can be read, revealing confidential data such as passwords, cryptographic keys, and other sensitive information.
- Denial of Service (DoS): The attacker can crash the system by writing to critical kernel memory locations.
- Arbitrary Code Execution: System call hijacking allows for the execution of arbitrary code with kernel privileges.
- Persistence: Attackers can install persistent malware that survives system reboots.
Mitigation and Patch Steps
The primary mitigation is to update Awesome Miner to a version that addresses this vulnerability. Check the Awesome Miner website for updates and announcements.
Recommended steps:
- Update Awesome Miner: Upgrade to the latest version available on the Awesome Miner download page as soon as a fix is released.
- Monitor for Updates: Regularly check the Awesome Miner website for security updates and advisories.
- Workaround (If no patch available): If an immediate update is not possible, consider temporarily disabling Awesome Miner or isolating the affected system to limit the potential impact until a patch can be applied. However, this may impact mining operations.
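To find hosts that still carry the driver named in this advisory, the following PowerShell check can be run locally or through remote management. It is an added example, not code from the vendor or the original advisory, and it assumes the driver is registered as a kernel driver service whose image path contains the file name given above; the helper name Resolve-DriverPath is hypothetical.

```powershell
# Added example: locate the renamed WinRing0 driver described in this advisory.
$DriverFile = 'IntelliBreeze.Maintenance.Service.sys'  # file name from the advisory
$BadVersion = '1.2.0.5'                                # WinRing0 version from the advisory

function Resolve-DriverPath {
    param([string]$PathName)
    # Service image paths may be quoted or carry the \??\ or \SystemRoot\ prefix.
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\?SystemRoot\\', "$env:SystemRoot\"
    return $p
}

# Assumption: the driver appears in the kernel driver service list (Win32_SystemDriver).
$findings = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and $_.PathName -like "*$DriverFile*" } |
    ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        $ver  = $null
        if (Test-Path -LiteralPath $path) {
            # Build the version from its numeric parts; the string form varies by build tool.
            $vi  = (Get-Item -LiteralPath $path).VersionInfo
            $ver = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                        $vi.FileBuildPart, $vi.FilePrivatePart
        }
        [pscustomobject]@{
            Service                = $_.Name
            State                  = $_.State       # Running means the driver is loaded
            StartMode              = $_.StartMode   # Boot / System / Auto / Manual / Disabled
            Path                   = $path
            FileVersion            = $ver
            MatchesAdvisoryVersion = ($ver -eq $BadVersion)
        }
    }

if ($findings) {
    $findings | Format-List
} else {
    "No registered kernel driver uses $DriverFile"
}
```

A State of Running means the driver is still loaded; after applying the workaround above, rerun the check to see whether that has changed.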
