CVE-2021-21791
6.5
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver which can result in sensitive information disclosure from the kernel. The IN instruction can read two bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | IOBit | IOBit Advanced SystemCare Ultimate 14.2.0.220 | affected |
Weaknesses
- CWE-782: CWE-782: Exposed IOCTL with Insufficient Access Control
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.