Security researcher Impulsive disclosed that GPU-Z, a hardware monitoring tool widely used by PC gamers around the world, has serious security vulnerabilities.Its built-in TRIXX.sys driver can directly read and write the computer's physical memory without administrator permissions, allowing attackers to gain the highest access rights to the system.
The core of the vulnerability lies in the control code IOCTL 0x800060C4 in the TRIXX.sys driver. This control code was originally used to read graphics card hardware information, but the permission threshold is extremely low. Any ordinary program in the system can send instructions to the driver.
By calling the system kernel function HalSetBusDataByOffset, the attacker can redefine the PCI BAR (base address register) and directly bypass the defense from the software permission level (Ring 3).Read or modify data in physical memory, including passwords, encryption keys, and operating system core protection mechanisms.
What’s even more troublesome is that the driver holds a legal EV (Extended Validation) digital signature, which is valid until 2028. The Windows system will treat it as a completely trusted file.
This means that hackers do not need to directly attack users who have installed GPU-Z. Instead, they can bring this vulnerable but legitimately signed old driver to the target computer, carry out BYOVD attacks, and bypass Windows security blocks.
Wizzard, the author of GPU-Z, admitted that some technical details are of reference value, but countered that in the Windows environment, ordinary user programs cannot communicate directly with the driver and must have administrator rights to trigger it.
Wizzard is currently patching the vulnerability. Please use it with caution before the new version is launched. Since this vulnerability requires local execution, as long as the user does not execute suspicious files, hackers will not be able to exploit GPU-Z in the computer.