WindowsKernelVuln/CVE-2023-1629/

JiangMin Antivirus, kvcore.sys, Memory Corruption

Vulnerability Info

Version

Impact

Memory Corruption

Description

Through IoControlCode 0x222010, a normal user can write to any valid address. If the linked list is not null, this can be leveraged to corrupt critical kernel structures.
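For triage, the control code named above can be split into its CTL_CODE fields to see what the I/O manager checks before the request reaches the driver. This is an added example, not code from the PoC or from kvcore.sys; the `AUDIT_*` flag names and both function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Layout of a Windows I/O control code (WDK CTL_CODE macro):
 * bits 31-16 DeviceType, 15-14 RequiredAccess, 13-2 Function, 1-0 Method. */
typedef struct {
    uint32_t device_type; /* 0x22 = FILE_DEVICE_UNKNOWN */
    uint32_t access;      /* 0 = FILE_ANY_ACCESS, 1 = READ, 2 = WRITE */
    uint32_t function;    /* 0x800 and above are vendor-defined */
    uint32_t method;      /* 0 = BUFFERED, 1 = IN_DIRECT, 2 = OUT_DIRECT, 3 = NEITHER */
} ioctl_fields;

ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device_type = (code >> 16) & 0xFFFF;
    f.access      = (code >> 14) & 0x3;
    f.function    = (code >> 2)  & 0xFFF;
    f.method      = code & 0x3;
    return f;
}

/* Hypothetical audit flags, defined for this example only. */
enum {
    AUDIT_ANY_ACCESS   = 1 << 0, /* no read/write right required on the handle */
    AUDIT_VENDOR_FUNC  = 1 << 1, /* handler is vendor code, not a system-defined function */
    AUDIT_RAW_POINTERS = 1 << 2  /* METHOD_NEITHER: driver receives raw user pointers */
};

unsigned audit_flags(ioctl_fields f) {
    unsigned flags = 0;
    if (f.access == 0)       flags |= AUDIT_ANY_ACCESS;
    if (f.function >= 0x800) flags |= AUDIT_VENDOR_FUNC;
    if (f.method == 3)       flags |= AUDIT_RAW_POINTERS;
    return flags;
}

int main(void) {
    ioctl_fields f = decode_ioctl(0x222010); /* code from the description */
    printf("device=0x%x access=%u function=0x%x method=%u flags=0x%x\n",
           (unsigned)f.device_type, (unsigned)f.access,
           (unsigned)f.function, (unsigned)f.method, audit_flags(f));
    return 0;
}
```

The code decodes to FILE_DEVICE_UNKNOWN, FILE_ANY_ACCESS, function 0x804, METHOD_BUFFERED. With METHOD_BUFFERED the I/O manager copies the buffer itself, but any address carried inside that buffer is not validated for the driver, so the handler has to check it.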

Reproduce

The attached file ArbitraryAddressWrite.zip contains ArbitraryAddressWrite.exe, ArbitraryAddressWrite.cpp, JMV21Web20220419.exe, and kvcore.sys. ArbitraryAddressWrite.exe is the PoC that causes a BSOD, ArbitraryAddressWrite.cpp is its source code, and JMV21Web20220419.exe is the installer that contains the vulnerable driver kvcore.sys.

To reproduce the issue, install JMV21Web20220419.exe and execute ArbitraryAddressWrite.exe. The target address is expected to be written once ArbitraryAddressWrite.exe is executed.

Password for attachment: ArbitraryAddressWrite

https://drive.google.com/file/d/1soMFXUAYkCttFDA_icry6q-irb2jdAxw/view?usp=sharing