Lucene search

[email protected]CVE-2018-9151

HistoryMar 30, 2018 - 7:29 p.m.

CVE-2018-9151

2018-03-3019:29:00

CWE-476

[email protected]

web.nvd.nist.gov

cve-2018-9151

kingsoft internet security

kwatch3.sys

null pointer dereference

system crash

ioctl 0x80030030

nvd

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

A NULL pointer dereference bug in the function ObReferenceObjectByHandle in the Kingsoft Internet Security 9+ kernel driver KWatch3.sys allows local non-privileged users to crash the system via IOCTL 0x80030030.

Affected configurations

NVD

Node

kingsoftinternet_security_9_plusMatch2010.06.23.247

CPENameOperatorVersion
kingsoft:internet_security_9_pluskingsoft internet security 9 pluseq2010.06.23.247

CPE	Name	Operator	Version
kingsoft:internet_security_9_plus	kingsoft internet security 9 plus	eq	2010.06.23.247

References

seclists.org/fulldisclosure/2018/Mar/78

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2018-9151

nvd1 prion1 cvelist1