CVE-2021-42681

Vulnerability

A buffer overflow vulnerability exists in the IOCTL handler 0x22001B of Accops HyWorks DVM Tools prior to version 3.3.1.105. The driver does not properly validate the size of input from I/O Request Packets (IRPs), allowing a local attacker to trigger a buffer overflow by sending a specially crafted IRP to the device.

Exploitation

An attacker with local access to the system can exploit this vulnerability by sending a malicious I/O Request Packet to the IOCTL handler 0x22001B. No additional authentication or user interaction is required beyond the ability to interact with the driver. The attacker crafts an IRP with a size that exceeds the expected buffer, causing a buffer overflow.

Impact

Successful exploitation allows the attacker to execute arbitrary code in kernel mode, leading to full system compromise. Alternatively, the attacker can cause a denial of service by corrupting kernel memory, resulting in an OS crash. This vulnerability enables privilege escalation from user mode to kernel mode.

Mitigation

Accops released a fix in version 3.3.1.105 of HyWorks DVM Tools. Users should update to this version or later. The vulnerability is part of a broader set of issues in USB over Ethernet drivers, and vendors have released security updates [1]. No workarounds are documented. The CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.