PEAK-System Driver Information Disclosure Vulnerability in PCANFD_ADD_FILTERS IOCTL

Vulnerability

A time-of-check time-of-use (TOCTOU) information disclosure vulnerability has been identified in the PEAK-System Driver. This issue arises from improper locking mechanisms when handling the PCANFD_ADD_FILTERS IOCTL, allowing local attackers to disclose sensitive information. Exploitation of this vulnerability requires low-privileged code execution on the target system. Furthermore, this flaw could be leveraged, in conjunction with other vulnerabilities, to execute arbitrary code within the kernel context.
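The bug class described above, shown as an added example that is neither PEAK-System driver code nor part of this advisory: a deterministic user-space C model in which a check and a use are not covered by one lock, next to a version where a single lock hold covers both. The struct, the function names, the pool layout and the simulated writer are all hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical device state, not the PEAK driver's structures. One pool holds
 * a 4-entry filter list, a 1-entry list, and unrelated data right after it. */
struct dev {
    int locked;          /* stand-in for a kernel lock */
    unsigned pool[8];
    unsigned *list;      /* current filter list inside pool */
    size_t count;        /* entries valid in list */
};

void dev_init(struct dev *d) {
    unsigned init[8] = {0xF0, 0xF1, 0xF2, 0xF3, 0xA0, 0x5EC1, 0x5EC2, 0x5EC3};
    memcpy(d->pool, init, sizeof init);
    d->locked = 0; d->list = d->pool; d->count = 4;
}

/* Simulated concurrent writer: swaps in the 1-entry list. A real writer would
 * block while the lock is held; that is modelled here by doing nothing. */
static void writer(struct dev *d) {
    if (d->locked) return;
    d->list = d->pool + 4; d->count = 1;
}

/* Vulnerable: no lock spans the check of count and the later use of list. */
size_t read_filters_racy(struct dev *d, unsigned *out, size_t n) {
    if (n > d->count) return 0;             /* time of check */
    writer(d);                              /* race window */
    memcpy(out, d->list, n * sizeof *out);  /* time of use: n is stale */
    return n;
}

/* Hardened: one lock hold covers both the check and the use. */
size_t read_filters_locked(struct dev *d, unsigned *out, size_t n) {
    d->locked = 1;
    if (n > d->count) n = 0;                /* check under the lock */
    writer(d);                              /* same window, writer excluded */
    memcpy(out, d->list, n * sizeof *out);
    d->locked = 0;
    return n;
}

int main(void) {
    struct dev d; unsigned out[4];
    dev_init(&d); read_filters_racy(&d, out, 4);
    printf("racy:   %#x %#x\n", out[0], out[1]);
    dev_init(&d); read_filters_locked(&d, out, 4);
    printf("locked: %#x %#x\n", out[0], out[1]);
}
```

In the racy path the caller receives the three constructed values stored after the 1-entry list, which is the information-disclosure outcome; in the locked path it receives only the four filters that were validated.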

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure, with the potential for local attackers to execute arbitrary code in the kernel context.

Remediation

Users can upgrade to PEAK-System Driver version 8.19.0 to address this vulnerability.

Added: Jun 21, 2025, 1:23 AM
Updated: Jun 21, 2025, 1:23 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 3.3
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.