CVE-2025-67246

Name of the Vulnerable Software and Affected Versions Ludashi driver versions prior to 5.1025

Description A local information disclosure issue exists in the Ludashi driver due to insufficient access control within the IOCTL handler. The driver provides a device interface accessible to standard users and processes structures controlled by attackers, which contain the lower 4GB of physical addresses. The handler utilizes MmMapIoSpace to map arbitrary physical memory and copies data to user mode without validating caller privileges or the target address range. This allows unprivileged users to read arbitrary physical memory, potentially exposing sensitive information such as kernel data structures, kernel pointers, and security tokens. This can be leveraged to bypass Kernel Address Space Layout Randomization (KASLR) and escalate privileges locally.

Recommendations Update the Ludashi driver to version 5.1025 or later.