How to fix CVE-2015-2291?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Vendor patch is available.

Is Windows affected by CVE-2015-2291?

CVE-2015-2291 presents notable security risk, a input validation vulnerability rated CVSS 7.8. Exploitation could compromise the security of affected deployments. This vulnerability is actively exploited in the wild (KEV-listed) and requires immediate remediation.

CVE-2015-2291

HIGH

2017-08-09 [email protected]

7.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 26, 2026 - 11:18 vuln.today

Added to CISA KEV

Oct 22, 2025 - 00:15 cisa

CISA KEV

PoC Detected

Oct 22, 2025 - 00:15 vuln.today

Public exploit code

Patch Released

Oct 22, 2025 - 00:15 nvd

Patch available

CVE Published

Aug 09, 2017 - 18:29 nvd

HIGH 7.8

Description

(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.

Analysis

Intel Ethernet diagnostics driver IQVW32.sys/IQVW64.sys allows local users to execute arbitrary code with kernel privileges via crafted IOCTL calls, widely abused as a 'Bring Your Own Vulnerable Driver' (BYOVD) attack vector.

Technical Context

The CWE-20 input validation flaw in the Intel driver allows several IOCTL codes (0x80862013, 0x8086200B, 0x8086200F, 0x80862007) to be abused for arbitrary physical memory read/write operations from user mode. Since the driver is legitimately signed by Intel, it can be loaded on systems with driver signing enforcement.

Affected Products

['Intel Ethernet diagnostics driver IQVW32.sys before 1.3.1.0', 'Intel Ethernet diagnostics driver IQVW64.sys before 1.3.1.0']

Remediation

Block the vulnerable driver via Windows Defender Application Control (WDAC) vulnerable driver blocklist. Monitor for loading of known vulnerable drivers. Update Intel network drivers to versions without the diagnostics component.

Priority Score

Low Medium High Critical

KEV: +50

EPSS: +5.0

CVSS: +39

POC: +20

CVE-2015-2291 vulnerability details – vuln.today

Back

CVE-2015-2291

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2015-2291

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code