msi CVE Vulnerabilities & Metrics

Focus on msi vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About msi Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with msi. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total msi CVEs: 15
Earliest CVE date: 11 Sep 2019, 17:15 UTC
Latest CVE date: 13 Dec 2022, 15:15 UTC

Latest CVE reference: CVE-2021-32415

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical msi CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.47

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	6
4.0-6.9	5
7.0-8.9	4
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS msi CVEs

These are the five CVEs with the highest CVSS scores for msi, sorted by severity first and recency.

CVE-2021-27965 msi Published on 05 Mar 2021, 02:15 UTC (CVSS: 7.5)
The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request.
CVE-2021-29337 msi Published on 21 Jun 2021, 12:15 UTC (CVSS: 7.2)
MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users to access kernel memory and potentially escalate privileges via a crafted IOCTL 0x9c406104 call. This IOCTL provides the MmMapIoSpace feature for mapping physical memory.
CVE-2020-17382 msi Published on 02 Oct 2020, 09:15 UTC (CVSS: 7.2)
The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054).
CVE-2019-16098 msi Published on 11 Sep 2019, 17:15 UTC (CVSS: 7.2)
The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.
CVE-2021-44903 msi Published on 04 Feb 2022, 12:15 UTC (CVSS: 4.6)
Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests.

All CVEs for msi

CVE-2021-32415 msi vulnerability CVSS: 0 13 Dec 2022, 15:15 UTC

EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since version 6.0.91 will introduce a local privilege escalation vulnerability in installers it creates.

CVE-2022-31877 msi vulnerability CVSS: 0 28 Nov 2022, 15:15 UTC

An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet.

CVE-2022-38532 msi vulnerability CVSS: 0 19 Sep 2022, 22:15 UTC

Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in the component C_Features of MSI.CentralServer.exe. This vulnerability allows attackers to escalate privileges via running a crafted executable.

CVE-2022-34110 msi vulnerability CVSS: 0 12 Sep 2022, 04:15 UTC

An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to download arbitrary files regardless of file type or size.

CVE-2022-34109 msi vulnerability CVSS: 0 12 Sep 2022, 04:15 UTC

An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto\, regardless of file type or size.

CVE-2022-34108 msi vulnerability CVSS: 0 12 Sep 2022, 04:15 UTC

An issue in the Feature Navigator of Micro-Star International MSI Feature Nagivator v1.0.1808.0901 allows attackers to cause a Denial of Service (DoS) via a crafted image or video file.

CVE-2021-44903 msi vulnerability CVSS: 4.6 04 Feb 2022, 12:15 UTC

Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests.

CVE-2021-44901 msi vulnerability CVSS: 4.6 04 Feb 2022, 11:15 UTC

Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests.

CVE-2021-44900 msi vulnerability CVSS: 4.6 04 Feb 2022, 11:15 UTC

Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the NTIOLib_X64.sys and BstkDrv_msi2.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests.

CVE-2021-44899 msi vulnerability CVSS: 4.6 04 Feb 2022, 11:15 UTC

Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests.

CVE-2021-29337 msi vulnerability CVSS: 7.2 21 Jun 2021, 12:15 UTC

MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users to access kernel memory and potentially escalate privileges via a crafted IOCTL 0x9c406104 call. This IOCTL provides the MmMapIoSpace feature for mapping physical memory.

CVE-2021-27965 msi vulnerability CVSS: 7.5 05 Mar 2021, 02:15 UTC

The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request.

CVE-2020-17382 msi vulnerability CVSS: 7.2 02 Oct 2020, 09:15 UTC

The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054).

CVE-2020-13149 msi vulnerability CVSS: 4.6 18 May 2020, 20:15 UTC

Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary within App.json. Another attack method is to use this part of %PROGRAMDATA% for mounting an RPC Control directory.

CVE-2019-16098 msi vulnerability CVSS: 7.2 11 Sep 2019, 17:15 UTC

The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.