CVE-2019-6493 - SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is al

CVE-2019-6493

Summary

SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC0 is called. This kernel pointer can be leaked if the kernel pool becomes a "big" pool.

References

https://downwithup.github.io/CVEPosts.html
https://www.iobit.com/en/iobitsmartdefrag.php

Vulnerable Configurations

cpe:2.3:a:iobit:smart_defrag:6:*:*:*:*:*:*:*
cpe:2.3:a:iobit:smart_defrag:6:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

CWE-401

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

misc

https://downwithup.github.io/CVEPosts.html
https://www.iobit.com/en/iobitsmartdefrag.php

Last major update

24-08-2020 - 17:37

Published

11-04-2019 - 20:29

Last modified

24-08-2020 - 17:37