Описание
Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability.
Ссылки
- ExploitTechnical DescriptionThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitTechnical DescriptionThird Party AdvisoryVDB Entry
Уязвимые конфигурации
EPSS
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
Связанные уязвимости
Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability.
Множественные уязвимости средства антивирусной защиты Kaspersky Total Security, позволяющие нарушителю получить конфиденциальную информацию
EPSS
5.5 Medium
CVSS3
2.1 Low
CVSS2