CVE-2020-10234

Name of the Vulnerable Software and Affected Versions IObit Advanced SystemCare version 13.2

Description The AscRegistryFilter.sys kernel driver allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function and include codes such as 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. The DosDevicesAscRegistryFilter and DeviceAscRegistryFilter are affected.

Recommendations As a temporary workaround, consider disabling the AscRegistryFilter.sys kernel driver until a patch is available. Restrict access to the DosDevicesAscRegistryFilter and DeviceAscRegistryFilter to minimize the risk of exploitation. Avoid using the dwIoControlCode parameter with a NULL entry in the affected IOCTL codes until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.