PatchSiren cyber security CVE debrief
CVE-2026-57851 Micro-Star International (MSI) CVE debrief
The CVE-2026-57851 vulnerability exists in the MSI Feature Manager, specifically in the KernCoreLib64.sys kernel driver. This vulnerability allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations. Exploitation occurs through accessible IOCTL handlers without administrator privileges, enabling attackers to manipulate kernel objects, tamper with kernel-mode callbacks, bypass Protected Process Light protections, and disable security software.
- Vendor
- Micro-Star International (MSI)
- Product
- KernCoreLib64.sys
- CVSS
- HIGH 8.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-07
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-07
- Advisory updated
- 2026-07-07
Who should care
System administrators and users of MSI systems should be aware of this vulnerability. Given its high CVSS score of 8.5, it is crucial for those responsible for MSI systems to assess their exposure and take appropriate action.
Technical summary
The KernCoreLib64.sys kernel driver in MSI Feature Manager contains a local privilege escalation vulnerability. This vulnerability is exploited through IOCTL handlers, allowing locally logged-on users to perform arbitrary physical memory read/write operations and unrestricted I/O port operations without administrator privileges. Attackers can manipulate kernel objects, tamper with kernel-mode callbacks, bypass Protected Process Light protections, and disable security software.
Defensive priority
High
Recommended defensive actions
- Inventory affected MSI systems and assess exposure
- Apply vendor patches or updates if available
- Implement compensating controls to restrict access to the KernCoreLib64.sys kernel driver
- Monitor system logs for suspicious activity related to IOCTL handlers
- Consider disabling or restricting access to the MSI Feature Manager if not required
Evidence notes
The CVE record was published on 2026-07-07T17:16:36.880Z and was last modified on 2026-07-07T18:16:39.590Z. The NVD entry is currently in the 'Received' status. Limited details are available about affected products and vendor remediation efforts.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T17:16:36.880Z and has not been modified since then. The NVD entry is currently Received.