Kaspersky Products Kernel Memory Buffer Vulnerability Allowing Data Write

Vulnerability

A vulnerability has been identified in multiple Kaspersky products, including Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, and Kaspersky Anti-Ransomware Tool. This vulnerability could enable an authenticated attacker to write data to a restricted area outside the designated kernel memory buffer. The issue has been automatically resolved in all Kaspersky Endpoint products.

Impact

Exploitation of this vulnerability could lead to unauthorized data modification by allowing an authenticated attacker to write data outside the allocated memory buffer in the kernel, potentially causing memory corruption or other unintended behavior in the affected application.

Remediation

For Kaspersky Anti-Virus SDK for Windows, upgrade to version 8.10.2.2098. For Kaspersky Security for Virtualization Light Agent, install version 5.2.27.319 or later. For all other listed Kaspersky applications, the fix has been applied automatically for those with antivirus databases older than November 5, 2024. Users should ensure their antivirus database is updated to November 6, 2024, or newer.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 0.6
exploitability: 2.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.