cve/2019/CVE-2019-16098.md

### [CVE-2019-16098](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16098)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.

### POC

#### Reference
- https://github.com/Barakat/CVE-2019-16098

#### Github
- https://github.com/0xDivyanshu-new/CVE-2019-16098
- https://github.com/0xT11/CVE-POC
- https://github.com/474172261/KDU
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Barakat/CVE-2019-16098
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/ExpLife0011/awesome-windows-kernel-security-development
- https://github.com/GhostTroops/TOP
- https://github.com/JustaT3ch/Kernel-Snooping
- https://github.com/Offensive-Panda/NT-AUTHORITY-SYSTEM-CONTEXT-RTCORE
- https://github.com/Ondrik8/exploit
- https://github.com/Rydersel/PlaguewareCSGO_3.0
- https://github.com/TamatahYT/RTCore64Exploitation
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/gabriellandau/EDRSandblast-GodFault
- https://github.com/h4rmy/KDU
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/hfiref0x/KDU
- https://github.com/lazypanda1729/Kernel-Snooping
- https://github.com/pravinsrc/NOTES-windows-kernel-links
- https://github.com/sl4v3k/KDU
- https://github.com/thebringerofdeath789/KernelModeCpp
- https://github.com/vls1729/Kernel-Snooping
- https://github.com/wavestone-cdt/EDRSandblast
- https://github.com/wildangelcult/was
- https://github.com/zeon1045/belbel
- https://github.com/zeon1045/intentohibri
- https://github.com/zeze-zeze/2023iThome
- https://github.com/zeze-zeze/CYBERSEC2023-BYOVD-Demo
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-16098](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16098)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00
			`### Description`

			`The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.`

			`### POC`

			`#### Reference`
			`- https://github.com/Barakat/CVE-2019-16098`

			`#### Github`
			`- https://github.com/0xDivyanshu-new/CVE-2019-16098`
			`- https://github.com/0xT11/CVE-POC`
			`- https://github.com/474172261/KDU`
			`- https://github.com/ARPSyndicate/cvemon`
Update CVE sources 2024-06-22 09:37 2024-06-22 09:37:59 +00:00			`- https://github.com/Barakat/CVE-2019-16098`
			`- https://github.com/CVEDB/awesome-cve-repo`
			`- https://github.com/CVEDB/top`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/ExpLife0011/awesome-windows-kernel-security-development`
Update CVE sources 2024-06-22 09:37 2024-06-22 09:37:59 +00:00			`- https://github.com/GhostTroops/TOP`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/JustaT3ch/Kernel-Snooping`
Update CVE sources 2024-08-07 19:02 2024-08-07 19:02:05 +00:00			`- https://github.com/Offensive-Panda/NT-AUTHORITY-SYSTEM-CONTEXT-RTCORE`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/Ondrik8/exploit`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/Rydersel/PlaguewareCSGO_3.0`
			`- https://github.com/TamatahYT/RTCore64Exploitation`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/developer3000S/PoC-in-GitHub`
			`- https://github.com/gabriellandau/EDRSandblast-GodFault`
			`- https://github.com/h4rmy/KDU`
			`- https://github.com/hectorgie/PoC-in-GitHub`
			`- https://github.com/hfiref0x/KDU`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/lazypanda1729/Kernel-Snooping`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/pravinsrc/NOTES-windows-kernel-links`
			`- https://github.com/sl4v3k/KDU`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/thebringerofdeath789/KernelModeCpp`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/vls1729/Kernel-Snooping`
			`- https://github.com/wavestone-cdt/EDRSandblast`
			`- https://github.com/wildangelcult/was`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/zeon1045/belbel`
			`- https://github.com/zeon1045/intentohibri`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/zeze-zeze/2023iThome`
			`- https://github.com/zeze-zeze/CYBERSEC2023-BYOVD-Demo`