CVE-2021-43006

Name of the Vulnerable Software and Affected Versions Amzetta zPortal DVM Tools versions 3.3.148.148 and earlier

Description The issue allows local attackers to execute arbitrary code in kernel mode or cause a denial of service, resulting in memory corruption and OS crash, via specially crafted I/O Request Packet. This is due to an Integer Overflow in the IOCTL Handler 0x22001B.

Recommendations For Amzetta zPortal DVM Tools versions 3.3.148.148 and earlier, consider disabling the IOCTL Handler 0x22001B as a temporary workaround until a patch is available. Restrict access to the affected handler to minimize the risk of exploitation. Avoid using specially crafted I/O Request Packets in the affected versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.