PT-2021-14775 · Iobit · Iobit Advanced Systemcare Ultimate

Cory Duplantis · Published 2021-08-05 · Updated 2022-07-29 · CVE-2021-21790

CVSS v3.1: 6.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IOBit Advanced SystemCare Ultimate version 14.2.0.220

Description

An information disclosure issue exists in the way the driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver, resulting in sensitive information disclosure from the kernel. The IN instruction can read two bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users.

Recommendations

For IOBit Advanced SystemCare Ultimate version 14.2.0.220, consider disabling the driver's handling of Privileged I/O read requests as a temporary workaround until a patch is available. Restrict access to sensitive device data to minimize the risk of exploitation.

Related Identifiers

CVE-2021-21790

Affected Products

Iobit Advanced Systemcare Ultimate