Executive Summary

This vulnerability exists in the Redragon Gaming Mouse kernel driver (REDRAGON_MOUSE.sys). It allows an attacker with limited privileges and local access to cause a denial of service by sending malformed IOCTL requests. Specifically, an attacker can send a crafted 2000-byte buffer with specific byte patterns to the device, which causes the kernel driver to crash due to improper handling of the input. [2, 3]

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can cause a denial of service (DoS) condition by crashing the kernel driver of the Redragon Gaming Mouse. This can lead to system instability or crashes, potentially disrupting normal operations on the affected machine. [2, 3]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by attempting to interact with the REDRAGON_MOUSE device driver using the specific IOCTL code 0x222414 and sending a crafted 2000-byte buffer (1000 bytes of '\x44' followed by 1000 null bytes) to the device. On a Windows system, you can use a script or program that opens a handle to the device '\\.\GLOBALROOT\Device\REDRAGON_MOUSE' with CreateFileA and sends the malformed buffer using DeviceIoControl. If the driver crashes or causes a denial of service, the vulnerability is present. The exploit proof-of-concept is implemented in Python using ctypes to perform these actions. [3]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting local access to systems with the Redragon Gaming Mouse driver installed, as the vulnerability requires local privileges to exploit. Additionally, avoid using the vulnerable driver until a patched version is released by the vendor. Monitoring for unusual system crashes related to the REDRAGON_MOUSE driver can help detect exploitation attempts. If possible, uninstall or disable the Redragon Gaming Mouse driver to prevent exploitation. [2, 3]

Useful 0 Not Useful 0