CVE-2018-9151

MEDIUM

Kingsoft Internet Security 9+ - Denial of Service via KWatch3.sys IOCTL 0x80030030


Description

A NULL pointer dereference bug in the function ObReferenceObjectByHandle in the Kingsoft Internet Security 9+ kernel driver KWatch3.sys allows local non-privileged users to crash the system via IOCTL 0x80030030.

References (1)

Core References
Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2018/Mar/78

Scores

CVSS v3 5.5
EPSS 0.0029
EPSS Percentile 20.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (1)
kingsoft/internet_security_9_plus 2010.06.23.247
Published Mar 30, 2018
Tracked Since Feb 18, 2026