Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on windows allows local attacker to escalate privelages via pool overflow.
The vulnerability (CWE-367 — race condition resulting from double fetch of a shared resource) occurs because the kernel driver handling the sandbox performs a double read of a value from user memory without locking it first. An attacker can modify this value between the first and second read, causing data inconsistency and triggering a kernel pool buffer overflow. The result is the ability to execute code with kernel-level privileges.
A local attacker can obtain full system privileges (privilege escalation to kernel level), giving them complete control over the operating system, including the ability to bypass protective mechanisms and install malicious software.
Avast Antivirus or AVG Antivirus must be updated to version 25.3 or later. Detailed information is available in the vendor's security advisory at: https://www.gendigital.com/us/en/contact-us/security-advisories/
Avast Antivirus and AVG Antivirus versions below 25.3 installed on Microsoft Windows systems.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HAvast Antivirus
APPAvast< 25.3Microsoft Windows
OSMicrosoftwszystkie wersje
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit