PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57851 Micro-Star International (MSI) CVE debrief

The CVE-2026-57851 vulnerability exists in the MSI Feature Manager, specifically in the KernCoreLib64.sys kernel driver. This vulnerability allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations. Exploitation occurs through accessible IOCTL handlers without administrator privileges, enabling attackers to manipulate kernel objects, tamper with kernel-mode callbacks, bypass Protected Process Light protections, and disable security software.

Vendor
Micro-Star International (MSI)
Product
KernCoreLib64.sys
CVSS
HIGH 8.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-07
Original CVE updated
2026-07-07
Advisory published
2026-07-07
Advisory updated
2026-07-07

Who should care

System administrators and users of MSI systems should be aware of this vulnerability. Given its high CVSS score of 8.5, it is crucial for those responsible for MSI systems to assess their exposure and take appropriate action.

Technical summary

The KernCoreLib64.sys kernel driver in MSI Feature Manager contains a local privilege escalation vulnerability. This vulnerability is exploited through IOCTL handlers, allowing locally logged-on users to perform arbitrary physical memory read/write operations and unrestricted I/O port operations without administrator privileges. Attackers can manipulate kernel objects, tamper with kernel-mode callbacks, bypass Protected Process Light protections, and disable security software.

Defensive priority

High

Recommended defensive actions

  • Inventory affected MSI systems and assess exposure
  • Apply vendor patches or updates if available
  • Implement compensating controls to restrict access to the KernCoreLib64.sys kernel driver
  • Monitor system logs for suspicious activity related to IOCTL handlers
  • Consider disabling or restricting access to the MSI Feature Manager if not required

Evidence notes

The CVE record was published on 2026-07-07T17:16:36.880Z and was last modified on 2026-07-07T18:16:39.590Z. The NVD entry is currently in the 'Received' status. Limited details are available about affected products and vendor remediation efforts.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T17:16:36.880Z and has not been modified since then. The NVD entry is currently Received.