Description
The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) due to a double fetch vulnerability at aswArPot+0xc4a3.
Published: 2026-05-08
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows a local attacker to trigger a double‑fetch condition in the aswArPot.sys driver, enabling arbitrary code execution in kernel mode or causing a denial of service through memory corruption and OS crash. This results in complete system compromise or interruption of service, as the kernel can be hijacked to perform privileged operations. The weakness is a double‑fetch condition (CWE‑367).

Affected Systems

Systems running Avast or AVG Windows Anti‑Rootkit drivers prior to version 22.1 are affected. The vulnerable driver, aswArPot.sys, is installed on Windows machines that have the legacy Avast/AVG anti‑rootkit component enabled.

Risk and Exploitability

Exploitability is limited to local attackers with execution privileges on the host, and the EPSS score of 2% indicates a low to moderate probability of exploitation. The CVSS score of 7.8 indicates high severity, underscoring the potential for full kernel compromise. KEV is not listed. Attackers could install rootkits or bypass system defenses if they can run code locally. The risk is considered high while the attack vector remains local.

Generated by OpenCVE AI on May 8, 2026 at 20:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest Avast/AVG release (22.1 or later) which replaces the vulnerable aswArPot.sys driver.
  • If an immediate update is not possible, uninstall or disable the anti‑rootkit feature that loads the driver until a patch is issued.
  • Restrict local system access and monitor for abnormal kernel crashes or unauthorized execution events to detect possible exploitation attempts.

Generated by OpenCVE AI on May 8, 2026 at 20:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Avast
Avast antivurus
Avast avg Antivirus
Vendors & Products Avast
Avast antivurus
Avast avg Antivirus

Fri, 08 May 2026 20:30:00 +0000

Type Values Removed Values Added
Title Local Kernel‑Mode Code Execution via Double‑Fetch in Avast/AVG Anti‑Rootkit Driver

Fri, 08 May 2026 16:00:00 +0000

Type Values Removed Values Added
Title Local Kernel‑Mode Code Execution via Double‑Fetch in Avast/AVG Anti‑Rootkit Driver
Weaknesses CWE-416
CWE-84

Fri, 08 May 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-367
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 08 May 2026 06:45:00 +0000

Type Values Removed Values Added
Title Local Kernel‑Mode Code Execution via Double‑Fetch in Avast/AVG Anti‑Rootkit Driver
Weaknesses CWE-416
CWE-84

Fri, 08 May 2026 05:00:00 +0000

Type Values Removed Values Added
Description The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) due to a double fetch vulnerability at aswArPot+0xc4a3.
References

Subscriptions

Avast Antivurus Avg Antivirus
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-08T14:29:11.603Z

Reserved: 2022-03-07T00:00:00.000Z

Link: CVE-2022-26522

cve-icon Vulnrichment

Updated: 2026-05-08T14:28:37.497Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-08T05:16:08.893

Modified: 2026-05-08T16:02:14.343

Link: CVE-2022-26522

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T09:25:28Z

Weaknesses