CVE-2021-43006
Description
AmZetta zPortal DVM Tools is affected by an integer overflow. IOCTL handler 0x22001B in AmZetta zPortal DVM Tools <= v3.3.148.148 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via a specially crafted I/O Request Packet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in IOCTL handler 0x22001B in AmZetta zPortal DVM Tools <=v3.3.148.148 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service.
Vulnerability
An integer overflow vulnerability exists in the IOCTL Handler 0x22001B of the AmZetta zPortal DVM Tools driver, affecting versions up to and including v3.3.148.148. The flaw occurs when processing specially crafted I/O Request Packets (IRPs) from a local user, leading to memory corruption. This code path is reachable without any special configuration, requiring only local access to the system.
Exploitation
An attacker with local access can send a maliciously crafted I/O Request Packet to the vulnerable IOCTL handler. No authentication or user interaction is required beyond gaining local execution rights. The integer overflow corrupts kernel memory, which can be leveraged for arbitrary code execution or system crash. The exact steps are detailed in the related advisory [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code in kernel mode, achieving full privilege escalation. Alternatively, an attacker can cause a denial of service by corrupting memory, leading to an OS crash. This level of access can be used to disable security products, overwrite system components, or perform other malicious operations with unimpeded privileges [1].
Mitigation
The vendor released a security update addressing this vulnerability; users of AmZetta zPortal DVM Tools should upgrade to the latest patched version. The update is part of a broader advisory covering multiple similar flaws discovered in the Eltima SDK ecosystem [1]. No workarounds are available, and the CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of disclosure.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- AmZetta/zPortal DVM Tools
- Range: <=3.3.148.148
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.