CVE-2018-6319

5.5MEDIUM

Key Information:

Vendor: Sophos
Status: Sophos Tester
Vendor: CVE Published:; 2 February 2018

Summary

In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program or malware does this at boot time, it can cause a persistent denial of service on the machine.

References

https://29wspy.ru/exploits/CVE-2018-6319.pdf

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 2, 2018
Vulnerability Reserved
Jan 26, 2018

Collectors

NVD DatabaseMitre Database