mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
1007 B
1007 B
CVE-2021-21791
Description
An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver which can result in sensitive information disclosure from the kernel. The IN instruction can read two bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users.
POC
Reference
Github
No PoCs found on GitHub currently.