汇总 msi 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 内存损坏、缓冲区溢出与路径处理缺陷,在 软件部署与生产负载 使用场景中可能带来 内存损坏、应用崩溃与文件覆盖 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2025-27813 | MSI Center before 2.0.52.0 has Missing PE Signature Validation. | [email protected] | 8.1 | 0.06% | 2025-04-10 | 2026-06-17 |
| CVE-2025-27812 | MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation. | [email protected] | 8.1 | 0.05% | 2025-04-10 | 2026-06-17 |
| CVE-2024-1460 | MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process. | [email protected] | 5.6 | 0.24% | 2024-03-06 | 2026-06-17 |
| CVE-2024-1443 | MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002000 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process. | [email protected] | 4.4 | 0.23% | 2024-03-06 | 2026-06-17 |
| CVE-2021-32415 | EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since version 6.0.91 will introduce a local privilege escalation vulnerability in installers it creates. | [email protected] | 7.8 | 0.25% | 2022-12-13 | 2026-07-05 |
| CVE-2022-31877 | An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet. | [email protected] | 8.8 | 0.44% | 2022-11-28 | 2026-07-04 |
| CVE-2022-38532 | Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in the component C_Features of MSI.CentralServer.exe. This vulnerability allows attackers to escalate privileges via running a crafted executable. | [email protected] | 7.8 | 0.46% | 2022-09-19 | 2026-06-17 |
| CVE-2022-34110 | An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to download arbitrary files regardless of file type or size. | [email protected] | 5.5 | 0.29% | 2022-09-12 | 2026-07-05 |
| CVE-2022-34109 | An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto\, regardless of file type or size. | [email protected] | 7.1 | 0.30% | 2022-09-12 | 2026-07-05 |
| CVE-2022-34108 | An issue in the Feature Navigator of Micro-Star International MSI Feature Nagivator v1.0.1808.0901 allows attackers to cause a Denial of Service (DoS) via a crafted image or video file. | [email protected] | 7.1 | 0.32% | 2022-09-12 | 2026-07-05 |
| CVE-2021-44903 | Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | [email protected] | 7.8 | 0.30% | 2022-02-04 | 2026-06-17 |
| CVE-2021-44901 | Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | [email protected] | 7.8 | 0.46% | 2022-02-04 | 2026-06-17 |
| CVE-2021-44900 | Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the NTIOLib_X64.sys and BstkDrv_msi2.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | [email protected] | 7.8 | 0.25% | 2022-02-04 | 2026-06-17 |
| CVE-2021-44899 | Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | [email protected] | 7.8 | 0.42% | 2022-02-04 | 2026-06-17 |
| CVE-2021-29337 | MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users to access kernel memory and potentially escalate privileges via a crafted IOCTL 0x9c406104 call. This IOCTL provides the MmMapIoSpace feature for mapping physical memory. | [email protected] | 7.8 | 0.59% | 2021-06-21 | 2026-06-16 |
| CVE-2021-27965 | The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request. | [email protected] | 9.8 | 11.84% | 2021-03-04 | 2026-06-16 |
| CVE-2020-17382 | The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054). | [email protected] | 7.8 | 2.08% | 2020-10-02 | 2026-06-16 |
| CVE-2020-13149 | Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary within App.json. Another attack method is to use this part of %PROGRAMDATA% for mounting an RPC Control directory. | [email protected] | 7.8 | 0.45% | 2020-05-18 | 2026-06-16 |
| CVE-2019-16098 | The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code. | [email protected] | 7.8 | 18.19% | 2019-09-11 | 2026-06-16 |