CVE-2019-6493

MEDIUM

Iobit Smart Defrag - Memory Leak

Title source: rule

Description

SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC0 is called. This kernel pointer can be leaked if the kernel pool becomes a "big" pool.

References (2)

[Exploit, Vendor Advisory] https://downwithup.github.io/CVEPosts.html

[Product, Vendor Advisory] https://www.iobit.com/en/iobitsmartdefrag.php

Scores

CVSS v3 5.5

EPSS 0.0014

EPSS Percentile 33.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-401

Status published

Affected Products (1)

iobit/smart_defrag

Timeline

Published Apr 11, 2019

Tracked Since Feb 18, 2026