Paragon Software Hard Disk Manager Insecure Kernel Resource Access Vulnerability

A vulnerability allowing insecure access to kernel resources has been identified in various Paragon Software products, specifically within the Hard Disk Manager (HDM) product line. This vulnerability arises from the BioNTdrv.sys driver, which fails to validate the MappedSystemVa pointer before passing it to HalReturnToFirmware. As a result, an attacker could potentially exploit this flaw to compromise the service. The affected BioNTdrv.sys versions include 10.1.X.Y and older, as well as 1.0.0.0, 1.1.0.0, 1.3.0.0, 1.4.0.0, and 1.5.1.0.

Impact

Exploitation of this vulnerability could lead to unauthorized access to kernel resources, allowing for potential manipulation of the system at a low level.

Remediation

Users are advised to update to Paragon Hard Disk Manager version 2.0.0, which addresses this vulnerability. Instructions for downloading the update are available on the Paragon Software Support website.