PT-2018-13058 · Microsoft+1 · Windows+1

Published

2018-08-24

Updated

2018-11-06

CVE-2018-15499

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions GEAR Software products that include GEARAspiWDM.sys version 2.2.5.0

Description The issue allows local users to cause a denial of service, resulting in a Blue Screen of Death (BSoD) on Windows, due to a race condition. This occurs because the software does not check if user-mode memory is available right before writing to it, with the check only performed at the beginning of a long subroutine.

Recommendations For GEAR Software products that include GEARAspiWDM.sys version 2.2.5.0, consider updating to a newer version that addresses this issue, as no specific workaround is provided for this version.

Exploit

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CVE-2018-15499

Affected Products

Gearaspiwdm.Sys

Windows

PT-2018-13058 · Microsoft+1 · Windows+1

CVE-2018-15499

Weakness Enumeration

Related Identifiers

Affected Products

References · 4