CVE-2025-67246 (CNNVD-202601-2604)
Chinese title:
Ludashi Driver security vulnerability
English title:
A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lac...
Vulnerability description
Chinese description:
Ludashi Driver is driver management software from the Chinese company Ludashi (鲁大师). Ludashi Driver versions before 5.1025 contain a security vulnerability that stems from improper access control in the IOCTL handler and may lead to arbitrary physical memory reads and local privilege escalation.
English description:
A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lack of access control in the IOCTL handler. The driver exposes a device interface accessible to a normal user and handles attacker-controlled structures containing physical addresses within the lower 4GB. The handler maps arbitrary physical memory via MmMapIoSpace and copies data back to user mode without verifying the caller's privileges or the target address range. This allows unprivileged users to read arbitrary physical memory, potentially exposing kernel data structures, kernel pointers, security tokens, and other sensitive information. This vulnerability can be further exploited to bypass Kernel Address Space Layout Randomization (KASLR) and achieve local privilege escalation.
CWE type:
Tags:
Affected products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| ludashi | ludashi_driver | * | - | - | cpe:2.3:a:ludashi:ludashi_driver:*:*:*:*:*:*:*:* |
Solution
Chinese solution:
English solution:
Workaround:
CVSS score details
3.1 (adp)
HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Timeline
Exploit information
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2025-67246 | 2026-01-16 02:18:30 | 2026-01-16 02:44:21 |
| NVD | nvd_CVE-2025-67246 | 2026-01-16 02:47:33 | 2026-01-16 02:48:08 |
| CNNVD | cnnvd_CNNVD-202601-2604 | 2026-01-19 09:28:44 | 2026-01-19 09:29:42 |
Versions and languages
Security advisories
Change history
- affected_products_count: 0 -> 1
- vulnerability_type: not extracted -> other
- cnnvd_id: not extracted -> CNNVD-202601-2604
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
- data_sources: ['cve'] -> ['cve', 'nvd']