VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 7, 2021· Updated Aug 4, 2024

CVE-2021-43002

CVE-2021-43002

Description

Amzetta zPortal DVM Tools is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal DVM Tools <= v3.3.148.148 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Buffer overflow in Amzetta zPortal DVM Tools IOCTL handler allows local attackers to execute arbitrary code in kernel mode or cause denial of service.

Vulnerability

A buffer overflow vulnerability exists in the IOCTL handler 0x22001B of Amzetta zPortal DVM Tools versions up to and including v3.3.148.148. The vulnerability occurs when processing specially crafted I/O Request Packets (IRPs) sent to the driver, leading to memory corruption. [1]

Exploitation

An attacker must have local access to the system and the ability to send IOCTL requests to the vulnerable driver. No authentication is required beyond local user access. By sending a crafted IRP with an oversized input buffer, the attacker can trigger a buffer overflow that corrupts kernel memory. [1]

Impact

Successful exploitation allows an attacker to execute arbitrary code in kernel mode, gaining the highest level of privileges on the system. This can lead to full system compromise, including disabling security products, overwriting system components, or causing an OS crash (denial of service). [1]

Mitigation

The vendor, Amzetta, has released a security update to address this vulnerability. Users should upgrade to a version later than v3.3.148.148. The update may be automatically applied or require manual action depending on the deployment. [1]

References
  1. USB Over Ethernet | Multiple Vulnerabilities in AWS and Other Major Cloud Services

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.