← All drivers
vulnerable
Driver

aida64driver.sys

AIDA64 hardware-monitoring kernel driver

From FinalWire Ltd.
Status
On a known-vulnerable list
Known variants
1 distinct hashes
Public CVEs
1
Field notes

aida64driver.sys is the kernel driver that ships with AIDA64, the hardware diagnostics, sensor-monitoring, and benchmarking utility from FinalWire Ltd. Enthusiasts run AIDA64 to read temperatures, voltages, and clocks and to stress-test a system, and the driver exists to pull sensor and model-specific-register data the operating system does not otherwise expose.

The public record has two parts worth keeping straight. The formally assigned CVE, CVE-2019-7244, is against AIDA64's older driver kerneld.sys in versions before 5.99, an improperly filtered model-specific-register write that could lead to kernel code execution. Separately, in 2024 the researcher klezVirus documented a privilege-escalation weakness in the newer AIDA64Driver.sys (AIDA64 Extreme up to 7.00.6742), where access to the driver was checked in user mode rather than enforced at the driver itself; no CVE was assigned to that newer finding. FinalWire has said it coordinated with Microsoft and shipped a hardened kernel driver in AIDA64 v7.60.

The lesson is the section's usual one: the driver is legitimately FinalWire-signed, but an old signed build still carries its flaw. If you run AIDA64, update to v7.60 or later, and treat an old AIDA64 driver on a machine that no longer runs the app as worth a look.

What the record shows

aida64driver.sys is listed as a known-vulnerable driver on the public LOLDrivers project. One distinct binary hash matching this filename is on record.

Public CVEs
What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “aida64driver.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/aida64driver-sys