CVE-2021-42980

Name of the Vulnerable Software and Affected Versions NoMachine Cloud Server versions 4.0.346 through 7.7.4

Description The issue allows local attackers to execute arbitrary code in kernel mode or cause a denial of service, such as memory corruption and OS crash, via specially crafted I/O Request Packet. This is due to a Buffer Overflow in the IOCTL Handler 0x22001B.

Recommendations For versions 4.0.346 through 7.7.4, update to version 7.7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL Handler 0x22001B to minimize the risk of exploitation.