CVE-2021-42685

Vulnerability

CVE-2021-42685 is an integer overflow vulnerability in the Accops HyWorks DVM Tools prior to version 3.3.1.105 [1]. The flaw resides in the IOCTL Handler 0x22005B, which is reachable when processing specially crafted I/O Request Packets [1]. The driver component is part of the Eltima SDK used for USB over Ethernet functionality, as described in the referenced SentinelLabs analysis [1].

Exploitation

To exploit this vulnerability, an attacker must have local access to the affected system [1]. No network authentication or user interaction beyond being able to send IOCTLs from user mode is required. By submitting a malformed I/O Request Packet with a crafted size field, the integer overflow occurs, leading to memory corruption that can be leveraged to achieve arbitrary code execution [1].

Impact

Successful exploitation allows a local attacker to execute arbitrary code in kernel mode, which can result in complete compromise of the operating system—including disabling security products, overwriting system components, corrupting the OS, or performing other malicious operations unimpeded [1]. The attack may also cause a denial of service via system crash [1].

Mitigation

The vendor Accops has released version 3.3.1.105 to address this vulnerability [1]. Users should update to this or any later version of HyWorks DVM Tools. No workarounds are mentioned in the provided reference. At the time of the SentinelLabs disclosure, no in-the-wild exploitation had been detected [1].