K7 Security Anti-Malware Suite K7RKScan.sys Process Termination Vulnerability via Crafted IOCTL Requests

Vulnerability

A denial-of-service vulnerability has been identified in K7RKScan.sys version 23.0.0.10, a driver that is part of the K7 Security Anti-Malware suite. It allows an admin-privileged user to send crafted IOCTL requests that terminate processes protected by third-party software. The issue stems from inadequate validation of the caller in the driver's IOCTL handler, which lets unauthorized processes trigger privileged actions in kernel space. Exploitation can interfere with essential third-party services or applications, causing a denial-of-service effect.
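The caller-validation gap described above, shown as an added example in portable C that models the shape of an IOCTL handler rather than reproducing the driver's actual code (this is not K7's code, and the IOCTL code, request structure, PIDs and audit message are constructed for illustration). The vulnerable handler honours a terminate request from any caller that reaches the device; the hardened handler honours it only when the request comes from the registered trusted service, refuses to act on the Idle/System PIDs, and records denied attempts, which is the hook a defender would use to detect misuse.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative model only: not K7RKScan.sys's real IOCTL codes or data layouts. */
#define IOCTL_TERMINATE_PROCESS 0x222004u   /* hypothetical "terminate PID" request (constructed) */

typedef enum {
    RESULT_TERMINATED = 0,      /* request honoured, target terminated */
    RESULT_ACCESS_DENIED = 1,   /* caller not authorised for this operation */
    RESULT_INVALID_REQUEST = 2  /* unknown IOCTL code or bad parameters */
} ioctl_result_t;

typedef struct {
    uint32_t caller_pid;   /* who sent the IOCTL; a real driver takes this from the request context */
    uint32_t ioctl_code;   /* which operation is requested */
    uint32_t target_pid;   /* which process the caller wants terminated */
} ioctl_request_t;

typedef struct {
    uint32_t trusted_service_pid;  /* the vendor's own service, registered when the driver starts */
} driver_state_t;

/* Vulnerable shape: dispatch on the IOCTL code and act on the target PID without asking who
   sent the request. Any process that can open the device (here, any admin-privileged user)
   gets a kernel-backed process-termination primitive. */
ioctl_result_t handle_ioctl_vulnerable(const driver_state_t *st, const ioctl_request_t *req,
                                       uint32_t *terminated_pid)
{
    (void)st;  /* caller identity is never consulted */
    if (req->ioctl_code != IOCTL_TERMINATE_PROCESS)
        return RESULT_INVALID_REQUEST;
    *terminated_pid = req->target_pid;
    return RESULT_TERMINATED;
}

/* Hardened shape: same dispatch, but the privileged operation is only honoured when the request
   comes from the registered trusted service; everything else is denied and audited. */
ioctl_result_t handle_ioctl_hardened(const driver_state_t *st, const ioctl_request_t *req,
                                     uint32_t *terminated_pid)
{
    if (req->ioctl_code != IOCTL_TERMINATE_PROCESS)
        return RESULT_INVALID_REQUEST;
    if (req->target_pid == 0 || req->target_pid == 4)     /* never act on Idle/System */
        return RESULT_INVALID_REQUEST;
    /* Caller validation. PID equality is the simplest form; a real driver should bind to the
       process object (PIDs are reused) and verify the image is the vendor's signed service. */
    if (req->caller_pid != st->trusted_service_pid) {
        /* In a driver this would be an event-log/ETW record; it is the detection hook for abuse. */
        fprintf(stderr, "audit: denied terminate(pid=%u) from untrusted caller pid=%u\n",
                req->target_pid, req->caller_pid);
        return RESULT_ACCESS_DENIED;
    }
    *terminated_pid = req->target_pid;
    return RESULT_TERMINATED;
}

/* Constructed scenario: the trusted service is PID 1000, an unrelated admin-privileged process
   is PID 4321, and PID 1234 stands for a process that third-party software protects. */
static const driver_state_t  demo_state    = { .trusted_service_pid = 1000 };
static const ioctl_request_t untrusted_req = { 4321, IOCTL_TERMINATE_PROCESS, 1234 };
static const ioctl_request_t trusted_req   = { 1000, IOCTL_TERMINATE_PROCESS, 1234 };
static const ioctl_request_t bogus_req     = { 1000, 0x222008u, 1234 };

/* Returns the PID the vulnerable handler terminates for the untrusted caller (0 if refused). */
uint32_t demo_vulnerable_untrusted(void)
{
    uint32_t pid = 0;
    return handle_ioctl_vulnerable(&demo_state, &untrusted_req, &pid) == RESULT_TERMINATED ? pid : 0;
}
ioctl_result_t demo_hardened_untrusted(void) { uint32_t pid = 0; return handle_ioctl_hardened(&demo_state, &untrusted_req, &pid); }
ioctl_result_t demo_hardened_trusted(void)   { uint32_t pid = 0; return handle_ioctl_hardened(&demo_state, &trusted_req, &pid); }
ioctl_result_t demo_hardened_bad_code(void)  { uint32_t pid = 0; return handle_ioctl_hardened(&demo_state, &bogus_req, &pid); }

int main(void)
{
    printf("vulnerable handler, untrusted caller: terminated pid %u\n", demo_vulnerable_untrusted());
    printf("hardened handler, untrusted caller:   result %d (1 = access denied)\n", demo_hardened_untrusted());
    printf("hardened handler, trusted caller:     result %d (0 = terminated)\n", demo_hardened_trusted());
    printf("hardened handler, unknown IOCTL:      result %d (2 = invalid request)\n", demo_hardened_bad_code());
    return 0;
}
```

The caller check is deliberately the weakest acceptable form so the contrast stays readable; on a real Windows driver the device object's ACL only keeps non-administrators out, so a driver that exposes a termination primitive still has to tie the operation to its own verified service process rather than to whoever holds a handle.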

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition by disrupting critical third-party services or applications.

Remediation

Users are advised to update to K7 Ultimate Security version 17.0.2049 or later, which includes the patched K7RKScan.sys version 23.0.0.11.

Added: Sep 9, 2025, 4:26 PM
Updated: Sep 9, 2025, 4:41 PM

Vulnerability Rating

Custom Algorithm

spread          5.4
impact          5.0
exploitability  2.8
remediation     7.7
relevance       0.5
threat          0.0
urgency         2.9
incentive       0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.