Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lack of access control in the IOCTL handler. This driver exposes a device interface accessible to a normal user and handles attacker-controlled structures containing the lower 4GB of physical addresses. The handler maps arbitrary physical memory via MmMapIoSpace and copies data back to user mode without verifying the caller's privileges or the target address range. This allows unprivileged users to read arbitrary physical memory, potentially exposing kernel data structures, kernel pointers, security tokens, and other sensitive information. This vulnerability can be further exploited to bypass the Kernel Address Space Layout Rules (KASLR) and achieve local privilege escalation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ludashi Driver 安全漏洞
Vulnerability Description
Ludashi Driver是中国鲁大师(Ludashi)公司的一个驱动管理软件。 Ludashi Driver 5.1025之前版本存在安全漏洞,该漏洞源于IOCTL处理程序访问控制不当,可能导致读取任意物理内存和本地权限提升。
CVSS Information
N/A
Vulnerability Type
N/A