Use After Free Vulnerability in IOBit Advanced SystemCare 15
CVE-2021-44968

7.8HIGH

Key Information:

Vendor: Iobit
Status: Advanced Systemcare
Vendor: CVE Published:; 18 February 2022

What is CVE-2021-44968?

A vulnerability exists in IOBit Advanced SystemCare 15 Pro that allows attackers to exploit a Use After Free issue via specifically crafted requests sent in a sequential manner using the IOCTL driver codes. This exposure can lead to arbitrary code execution or cause a Denial of Service, resulting in a system crash. The vulnerability can be triggered through a series of IOCTL commands, making it crucial for users to apply necessary security measures and updates to mitigate associated risks.

References

https://github.com/Quadron-Research-Lab/Kernel_Driver_bug...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2022
Vulnerability Reserved
Dec 13, 2021

Iobit

What is CVE-2021-44968?

References

CVSS V3.1

Timeline