Vulnerabilities > CVE-2021-44968 - Use After Free vulnerability in Iobit Advanced Systemcare 15

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

iobit

CWE-416

NVD

Published: 2022-02-18

Updated: 2022-03-01

Summary

A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or a Denial of Service (system crash). IOCTL list: iobit_ioctl = [0x8001e01c, 0x8001e020, 0x8001e024, 0x8001e040,0x8001e044, 0x8001e048, 0x8001e04c, 0x8001e000, 0x8001e004, 0x8001e008, 0x8001e00c, 0x8001e010, 0x8001e014, 0x8001e018]

Vulnerable Configurations

Part	Description	Count
Application	Iobit Iobit Advanced Systemcare 15	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://github.com/Quadron-Research-Lab/Kernel_Driver_bugs/tree/main/iobit_advenced_system_care