CVE-2025-67246

{"id": "CVE-2025-67246", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 2.0}]}, "published": "2026-01-15T16:16:12.450", "references": [{"url": "http://ludashi.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/CDipper/CVE-2025-67246", "source": "cve@mitre.org"}, {"url": "https://github.com/CDipper/CVE-Publication", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-269"}, {"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lack of access control in the IOCTL handler. This driver exposes a device interface accessible to a normal user and handles attacker-controlled structures containing the lower 4GB of physical addresses. The handler maps arbitrary physical memory via MmMapIoSpace and copies data back to user mode without verifying the caller's privileges or the target address range. This allows unprivileged users to read arbitrary physical memory, potentially exposing kernel data structures, kernel pointers, security tokens, and other sensitive information. This vulnerability can be further exploited to bypass the Kernel Address Space Layout Rules (KASLR) and achieve local privilege escalation."}, {"lang": "es", "value": "Una vulnerabilidad de revelaci\u00f3n de informaci\u00f3n local existe en el controlador Ludashi anterior a la versi\u00f3n 5.1025 debido a una falta de control de acceso en el controlador IOCTL. Este controlador expone una interfaz de dispositivo accesible para un usuario normal y maneja estructuras controladas por el atacante que contienen los 4 GB inferiores de direcciones f\u00edsicas. El controlador mapea memoria f\u00edsica arbitraria a trav\u00e9s de MmMapIoSpace y copia datos de vuelta al modo de usuario sin verificar los privilegios del llamador o el rango de direcciones objetivo. Esto permite a usuarios sin privilegios leer memoria f\u00edsica arbitraria, exponiendo potencialmente estructuras de datos del kernel, punteros del kernel, tokens de seguridad y otra informaci\u00f3n sensible. Esta vulnerabilidad puede ser explotada a\u00fan m\u00e1s para eludir las Reglas de Dise\u00f1o del Espacio de Direcciones del Kernel (KASLR) y lograr una escalada de privilegios local."}], "lastModified": "2026-04-14T15:16:25.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ludashi:ludashi_driver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63FA880E-9340-4A37-909B-FE3DFB2413AB", "versionEndExcluding": "5.1025"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}