GPU-Z Driver Flaw Enables Low-Level Hardware Access, Fix in Progress
Not remotely exploitable, but still risky in local attack scenarios
A newly discovered security flaw in the TRIXX.sys driver used by GPU-Z is raising concerns after researchers confirmed that it allows deep system-level access, IT Home reports. The issue stems from improper IOCTL handling and weak access validation in the driver, which together expose kernel-level hardware primitives to ordinary user-mode callers.
Improper IOCTL handling enables direct hardware access
The vulnerability lets user-mode applications reach sensitive low-level hardware functions directly through the driver's IOCTL interface. Researchers found that an attacker can read and write PCI configuration space and manipulate Base Address Registers (BARs), the registers that tell the system where a device's memory-mapped registers and I/O ports sit in the physical address space.
That level of access can be turned into reads of physical memory, changes to memory mappings, and potentially a bypass of operating-system protections that normal user-mode code cannot touch. The flaw is not remotely exploitable on its own; it becomes dangerous once an attacker already has local code execution on the system, at which point it offers a path from user mode to kernel-level control.
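As an added illustration (this is not code from GPU-Z, TRIXX.sys or the researchers; the page does not publish the driver's IOCTL interface), the portable C program below shows two things from the paragraphs above: how a PCI Base Address Register value encodes a device's memory or I/O window, and the validation a kernel handler that exposes config-space access to user mode would need, including an overflow-safe bounds check next to the naive one it replaces, an alignment check, and a privilege check on BAR writes. The request layout, the `caller_is_admin` flag and the sample register values are assumptions made for this example.

```c
/*
 * Added example, not code from GPU-Z or TRIXX.sys. Decodes PCI BAR values and
 * validates a hypothetical user-mode config-space request the way a hardened
 * IOCTL handler should. All request/register values are constructed samples.
 *
 * Build: cc -std=c11 -Wall -o pci_ioctl_demo pci_ioctl_demo.c
 */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PCI_CFG_LEGACY_SIZE 256u   /* legacy config space: 256 bytes       */
#define PCI_BAR0_OFFSET     0x10u  /* BAR0..BAR5 occupy offsets 0x10..0x27 */
#define PCI_BAR_END         0x28u

struct bar_info {
    int      is_io;        /* 1 = I/O port window, 0 = memory window       */
    int      is_64bit;     /* memory BAR spanning two 32-bit registers     */
    int      prefetchable;
    uint64_t base;         /* decoded physical base address or port base   */
};

/* Decode BAR `lo` (and `hi`, the next register, for 64-bit BARs).
 * Returns 0 on success, -1 for a reserved memory-type encoding. */
int decode_bar(uint32_t lo, uint32_t hi, struct bar_info *out)
{
    memset(out, 0, sizeof *out);
    if (lo & 1u) {                       /* bit 0: 1 = I/O space          */
        out->is_io = 1;
        out->base  = lo & ~0x3u;         /* bits 31:2 hold the port base   */
        return 0;
    }
    unsigned type = (lo >> 1) & 0x3u;    /* bits 2:1: 00 = 32-bit, 10 = 64 */
    if (type == 1u || type == 3u)
        return -1;                       /* reserved encodings             */
    out->is_64bit     = (type == 2u);
    out->prefetchable = (lo >> 3) & 1u;  /* bit 3                          */
    out->base         = lo & ~0xFu;      /* bits 31:4 hold the base        */
    if (out->is_64bit)
        out->base |= (uint64_t)hi << 32;
    return 0;
}

/* Hypothetical request a driver might receive over an IOCTL (assumed layout). */
struct pci_cfg_req {
    uint8_t  bus, dev, fn;
    uint32_t offset;       /* byte offset into config space                */
    uint32_t len;          /* bytes to read or write                       */
    int      is_write;
};

enum cfg_verdict { CFG_OK, CFG_BAD_BDF, CFG_BAD_RANGE, CFG_BAD_ALIGN, CFG_DENIED };

/* The check that is easy to get wrong: the 32-bit sum wraps, so offset
 * 0xFFFFFFFC with len 4 "fits" in 256 bytes. Returns 1 = accept. */
int naive_range_check(uint32_t offset, uint32_t len)
{
    return offset + len <= PCI_CFG_LEGACY_SIZE;
}

/* Hardened validation: sane device address, overflow-safe bounds, natural
 * alignment, and BAR writes only from privileged callers. */
enum cfg_verdict validate_cfg_req(const struct pci_cfg_req *r, int caller_is_admin)
{
    if (r->dev > 31u || r->fn > 7u)
        return CFG_BAD_BDF;              /* 5-bit device, 3-bit function   */
    if (r->len != 1u && r->len != 2u && r->len != 4u)
        return CFG_BAD_ALIGN;
    if ((uint64_t)r->offset + r->len > PCI_CFG_LEGACY_SIZE)
        return CFG_BAD_RANGE;            /* widened arithmetic cannot wrap */
    if (r->offset % r->len)
        return CFG_BAD_ALIGN;
    if (r->is_write && !caller_is_admin &&
        r->offset >= PCI_BAR0_OFFSET && r->offset < PCI_BAR_END)
        return CFG_DENIED;               /* relocating a device window is privileged */
    return CFG_OK;
}

int main(void)
{
    struct bar_info b;
    decode_bar(0xF7E00004u, 0u, &b);     /* constructed 64-bit memory BAR pair */
    printf("BAR: %s %s base=0x%" PRIx64 "\n", b.is_io ? "io" : "mem",
           b.is_64bit ? "64-bit" : "32-bit", b.base);

    struct pci_cfg_req wrap = { 0, 0, 0, 0xFFFFFFFCu, 4, 0 };
    printf("naive check accepts wrapping offset: %d\n",
           naive_range_check(wrap.offset, wrap.len));
    printf("hardened verdict for same request: %d (CFG_BAD_RANGE=%d)\n",
           validate_cfg_req(&wrap, 0), CFG_BAD_RANGE);

    struct pci_cfg_req bar_write = { 0, 1, 0, PCI_BAR0_OFFSET, 4, 1 };
    printf("BAR write, unprivileged caller: %d (CFG_DENIED=%d)\n",
           validate_cfg_req(&bar_write, 0), CFG_DENIED);
    return 0;
}
```

The point of the comparison is that the decoded base address is exactly what a BAR write lets a caller change: a driver that forwards such writes to any user-mode process hands out control over where a device's register window lands, which is why the privilege check belongs in the handler rather than in the calling application.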
Signed driver increases risk in BYOVD attacks
The TRIXX.sys driver carries a valid Extended Validation (EV) code-signing certificate, so Windows trusts and loads it without warnings. That makes it a viable candidate for Bring Your Own Vulnerable Driver (BYOVD) attacks, in which threat actors drop a legitimate but flawed signed driver onto a machine they already control and use it to escalate privileges or disable security tooling. Whether Windows actually loads a known-bad driver on a given machine also depends on Microsoft's vulnerable driver blocklist, enforced when memory integrity (HVCI) is on; a driver only appears there after Microsoft adds it, so a freshly disclosed one is typically not blocked yet.
Proof-of-concept code already exists, showing that the flaw can be chained into real-world attacks, particularly in targeted intrusions.
Fix in progress as users urged to stay cautious
The GPU-Z developer has acknowledged the issue and is working on a fix. Until a patched version is available, users should avoid running unknown executables and be cautious with third-party utilities that rely on low-level drivers. Note that a patched GPU-Z release does not retire the old driver: any copy of the vulnerable, still validly signed TRIXX.sys that an attacker brings along will load as before, so organisations should block the old file itself (for example by hash in a WDAC policy) rather than rely on the update alone.
Although the vulnerability presents limited risk for everyday users, it poses a higher threat in compromised systems or enterprise environments where attackers can leverage it for deeper access.
In other security news, the RedSun exploit reportedly bypasses Microsoft Defender, while multiple zero-day vulnerabilities are currently being exploited in the wild. Separately, Microsoft has warned users about macOS attacks hidden within fake job interview campaigns.
Via Guru3D