CVE-2025-67246
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-04-14
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ludashi | computerz_x64.sys | up to 6.1026.4505.112 (exclusive) |
| ludashi | ludashi | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a local information disclosure issue in the Ludashi driver before version 5.1025. It occurs because the driver lacks proper access control in its IOCTL handler, allowing normal users to pass attacker-controlled structures containing physical memory addresses within the lower 4GB range. The driver maps arbitrary physical memory and copies data back to user mode without verifying the caller's privileges or the target address range. This enables unprivileged users to read arbitrary physical memory, potentially exposing sensitive kernel data such as kernel data structures, pointers, and security tokens. It can also be exploited to bypass Kernel Address Space Layout Randomization (KASLR) and escalate privileges locally. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing local attackers, including unprivileged users, to read sensitive kernel memory that should normally be protected. This exposure can lead to leakage of critical kernel data structures, pointers, and security tokens, compromising system security. Additionally, attackers can use this information to bypass security mechanisms like KASLR and potentially escalate their privileges on the system, increasing the risk of further attacks or unauthorized access. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable Ludashi driver (ComputerZ_x64.sys) and its symbolic link named "ComputerZ". One can attempt to interact with the device interface exposed by the driver and test the IOCTL code 0xF1002508 to see if arbitrary physical memory can be read, for example by calling DeviceIoControl from a custom script or program to send the IOCTL request with a physical address parameter below 4 GB and observing whether data is returned without proper privilege checks. Specific commands are not provided, but detection involves verifying the driver version and attempting to access the IOCTL interface to confirm the vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Ludashi driver to version 6.1026.4505.112 or later, as versions prior to this are vulnerable. If updating is not immediately possible, restrict access to the device interface exposed by the driver to trusted users only, and monitor for suspicious usage of the IOCTL code 0xF1002508. Additionally, consider disabling or uninstalling the vulnerable driver until a patched version is applied. [1, 2]
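The version check mentioned in the detection and mitigation answers above can be scripted. The following PowerShell inventory check is an added example, not code from the advisory or the vendor: it lists registered kernel drivers whose image is ComputerZ_x64.sys and compares the file version with 6.1026.4505.112. It assumes the driver's version resource uses the same numbering as the affected range listed on this page.

```powershell
# Added example: flag installed copies of ComputerZ_x64.sys older than the fixed version.
$DriverFile   = 'ComputerZ_x64.sys'              # driver file name given on this page
$FixedVersion = [version]'6.1026.4505.112'       # first non-affected version per this page

# Kernel drivers registered with the Service Control Manager whose image matches the file name.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$DriverFile" }

$results = foreach ($drv in $drivers) {
    # PathName may carry an NT object-manager prefix (\??\); strip it for file access.
    $path = $drv.PathName -replace '^\\\?\?\\', ''
    $file = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue

    if (-not $file) {
        # Service entry exists but the image is gone: report it, nothing to compare.
        [pscustomobject]@{
            Service = $drv.Name; State = $drv.State; Path = $path
            Version = $null; Status = 'ImageNotFound'
        }
        continue
    }

    # Build the version from the numeric fields of the version resource, so
    # free-text FileVersion strings do not break the comparison.
    $vi  = $file.VersionInfo
    $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                          $vi.FileBuildPart, $vi.FilePrivatePart)

    [pscustomobject]@{
        Service = $drv.Name
        State   = $drv.State                     # Running / Stopped
        Path    = $path
        Version = $ver
        Status  = if ($ver -lt $FixedVersion) { 'Vulnerable' } else { 'Fixed' }
    }
}

if (-not $results) {
    Write-Output "No registered driver with image $DriverFile found."
} else {
    $results | Format-Table -AutoSize
    # Non-zero exit code lets fleet tooling pick up affected hosts.
    if ($results.Status -contains 'Vulnerable') { exit 1 }
}
```

A host reported as `Vulnerable` with `State` `Running` has the device interface live and is the priority for the update or removal described above.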