PT-2019-18116 · Iobit · Iobit Smart Defrag

Published: 2019-04-11 · Updated: 2020-08-24 · CVE-2019-6493

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

IObit Smart Defrag version 6

Description

The issue is in SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6: an executable kernel pool allocation, whose bytes and size are user-defined, is not freed when a specific IOCTL (0x9C401CC0) is called. This can lead to a kernel pointer leak if the kernel pool becomes a "big" pool.

Recommendations

For IObit Smart Defrag version 6, consider disabling the IOCTL 0x9C401CC0 call as a temporary workaround until a patch is available. Restrict access to the SmartDefragDriver.sys module to minimize the risk of exploitation. Avoid using IOCTL 0x9C401CC0 in the affected driver until the issue is resolved.

Exploit

Fix

Memory Leak

Weakness Enumeration

Related Identifiers

CVE-2019-6493

Affected Products

Iobit Smart Defrag