Release of Invalid Pointer or Reference

CVE-2019-19820

High

7.8/10

Summary

An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402405 using METHOD_NEITHER results in a read primitive.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-763 - Release of Invalid Pointer or Reference

The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.

References

Advisory Timeline

Published Jan 10, 2020

Release of Invalid Pointer or Reference

CVE-2019-19820

Summary

CWE-763 - Release of Invalid Pointer or Reference

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS