09c46890-5aa1-4122-962e-7ed94754e710

SmSerl64.sys

Description

A vulnerability exists in the driver SmSerl64.sys in Motorola SM56 Modem WDM Driver v6.12.23.0 that allows low-privileged users to map physical memory via specially crafted IOCTL requests. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.

  • UUID: 09c46890-5aa1-4122-962e-7ed94754e710
  • Created: 2025-05-28
  • Author: valium

Commands

sc.exe create SmSerl64.sys binPath=C:\windows\temp\SmSerl64.sys type=kernel && sc.exe start SmSerl64.sys

  • Use Case: Elevate privileges
  • Privileges: kernel
  • Operating System: Windows 10

Detections

YARA 🏹

  • Exact Match: with header and size limitation
  • Threat Hunting: without header and size limitation
  • Renamed: for renamed driver files

Sigma 🛡️

  • Names: detects loading using name only
  • Hashes: detects loading using hashes only

Sysmon 🔎

  • Block: on hashes
  • Alert: on hashes

Resources


  • https://nvd.nist.gov/vuln/detail/CVE-2024-55414
  • https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55414/CVE-2024-55414_SmSerl64.sys_README.md

  • Known Vulnerable Samples

    • Filename: SmSerl64.sys
    • Creation Timestamp: 2008-09-26 14:15:56
    • MD5: 7ae8bca90539ecbde87ac45ba1436be3
    • SHA1: 68ca0b533ec923a2375d88eef60a0dc32bc84589
    • SHA256: e599200c44eca5eb06475f90f67a58723b30c3c2887bd12ed7c31ff1042382ea
    • OriginalFilename: SmSerl64.sys

    Imports

    Imported Functions

    • KeInitializeEvent
    • RtlInitUnicodeString
    • ExFreePool
    • ExAllocatePoolWithTag
    • KeReleaseSpinLockFromDpcLevel
    • KeSetEvent
    • KeClearEvent
    • KeWaitForSingleObject
    • IofCallDriver
    • RtlUnicodeStringToAnsiString
    • KeCancelTimer
    • IoDeleteSymbolicLink
    • RtlAppendUnicodeToString
    • IoCreateDevice
    • RtlCopyUnicodeString
    • IoCreateUnprotectedSymbolicLink
    • KeInitializeTimer
    • KeInitializeDpc
    • ZwOpenKey
    • ZwEnumerateKey
    • RtlAppendUnicodeStringToString
    • ZwQueryValueKey
    • ZwClose
    • ZwDeleteKey
    • RtlIntegerToUnicodeString
    • RtlQueryRegistryValues
    • wcsstr
    • RtlWriteRegistryValue
    • KeResetEvent
    • PoCallDriver
    • KeRemoveQueueDpc
    • KeAcquireSpinLockRaiseToDpc
    • MmMapLockedPagesSpecifyCache
    • IoAllocateMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoCreateSymbolicLink
    • IoAttachDeviceToDeviceStack
    • IoGetDeviceProperty
    • IoDetachDevice
    • ExSetTimerResolution
    • PoStartNextPowerIrp
    • PoRequestPowerIrp
    • PoSetPowerState
    • IoCancelIrp
    • IoDisconnectInterrupt
    • IoConnectInterrupt
    • KeSynchronizeExecution
    • MmIsAddressValid
    • KeInsertQueueDpc
    • KeSetTimer
    • IoFreeWorkItem
    • IoAllocateWorkItem
    • IoQueueWorkItem
    • ExSystemTimeToLocalTime
    • RtlTimeToTimeFields
    • IoBuildSynchronousFsdRequest
    • KeSetImportanceDpc
    • IoGetDmaAdapter
    • IoRegisterDeviceInterface
    • IoSetDeviceInterfaceState
    • KeBugCheckEx
    • IoAcquireCancelSpinLock
    • IofCompleteRequest
    • KeReleaseSpinLock
    • KeAcquireSpinLockAtDpcLevel
    • IoDeleteDevice
    • DbgPrint
    • RtlUnicodeToMultiByteN
    • strstr
    • strchr
    • RtlEqualUnicodeString
    • ZwSetValueKey
    • MmUnmapIoSpace
    • MmMapIoSpace
    • IoBuildDeviceIoControlRequest
    • IoGetDeviceObjectPointer
    • ObfDereferenceObject
    • ObReferenceObjectByPointer
    • MmUnmapLockedPages
    • KeDelayExecutionThread
    • IoReleaseCancelSpinLock
    • __C_specific_handler
    • RtlRaiseException
    • KeStallExecutionProcessor
    • KeQueryPerformanceCounter
    • WmiSystemControl

    Exported Functions

    Sections

    • .text
    • .rdata
    • .data
    • .pdata
    • PAGESRP0
    • INIT
    • .rsrc
    • .reloc

    Signature

    last_updated: 2026-01-07