Description
A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lack of access control in the IOCTL handler. This driver exposes a device interface accessible to a normal user and handles attacker-controlled structures containing the lower 4GB of physical addresses. The handler maps arbitrary physical memory via MmMapIoSpace and copies data back to user mode without verifying the caller's privileges or the target address range. This allows unprivileged users to read arbitrary physical memory, potentially exposing kernel data structures, kernel pointers, security tokens, and other sensitive information. This vulnerability can be further exploited to bypass Kernel Address Space Layout Randomization (KASLR) and achieve local privilege escalation.
Published: 2026-01-15
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The Ludashi driver before version 5.1025 contains an access-control flaw in its IOCTL handler. The driver accepts structures from any local user and maps the physical addresses they supply, within the lower 4 GB, into kernel space with MmMapIoSpace. It then copies the contents back to user mode without checking the caller's privileges or the validity of the address range. This allows an unprivileged user to read arbitrary physical memory, potentially leaking kernel data structures, pointers, security tokens, and other sensitive information. The disclosed information can be used to defeat KASLR and elevate to higher privileges locally.
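The two checks the description says are missing (caller privilege and target address range), modelled as a user-mode C function; this is an added example, not Ludashi's code or its fix. The request layout, the `caller_is_admin` flag, the allowlist entries and the length cap are assumptions; in a driver this gate would run before any MmMapIoSpace call.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical request layout: the page only says the structure carries a
   physical address in the lower 4 GB; field names are assumptions. */
typedef struct { uint32_t phys_addr; uint32_t length; } phys_read_req;
typedef struct { uint64_t base; uint64_t size; } phys_range;

/* Constructed allowlist: the only windows this model driver may expose. */
static const phys_range k_allowed[] = {
    { 0x000F0000u, 0x00010000u },   /* sample: legacy BIOS area */
    { 0xFED00000u, 0x00000400u },   /* sample: one device register block */
};
#define MAX_READ_LEN 0x1000u        /* assumed per-request cap */

/* True only if the caller is privileged AND the whole span
   [phys_addr, phys_addr + length) sits inside one allowed window. */
bool phys_read_allowed(const phys_read_req *req, size_t in_len,
                       size_t out_len, bool caller_is_admin)
{
    if (req == NULL || in_len < sizeof(*req)) return false; /* short input */
    if (!caller_is_admin) return false;                     /* access control */
    if (req->length == 0 || req->length > MAX_READ_LEN) return false;
    if (out_len < req->length) return false;                /* output too small */

    /* 64-bit arithmetic so phys_addr + length cannot wrap at 4 GB. */
    uint64_t start = req->phys_addr;
    uint64_t end   = start + req->length;                   /* exclusive */

    for (size_t i = 0; i < sizeof(k_allowed) / sizeof(k_allowed[0]); i++) {
        uint64_t lo = k_allowed[i].base;
        uint64_t hi = lo + k_allowed[i].size;
        if (start >= lo && end <= hi) return true;
    }
    return false;                                           /* default deny */
}

int main(void) {
    phys_read_req ok = { 0x000F0000u, 0x100u }, bad = { 0x00001000u, 0x100u };
    printf("%d %d\n", phys_read_allowed(&ok, sizeof ok, 0x100, true),
                      phys_read_allowed(&bad, sizeof bad, 0x100, true));
    return 0;
}
```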

Affected Systems

The vulnerability affects systems that install the Ludashi driver version 5.1024 or earlier. The driver registers a device interface that is globally accessible to normal users. Any installation using these older driver versions is susceptible; newer releases from 5.1025 onward contain the fix and therefore are not affected.

Risk and Exploitability

Security analysts have rated the flaw with a CVSS score of 7.3, indicating significant impact. The EPSS score is below 1 %, suggesting a low current exploitation probability, and the flaw is not currently listed in CISA’s KEV catalog. However, since the flaw is exploitable by a local user, an attacker can leverage it to read kernel memory and potentially gain privileged kernel access. The attack requires only low technical skill to invoke the vulnerable IOCTL and does not rely on network exposure.

Generated by OpenCVE AI on April 20, 2026 at 15:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Ludashi driver release (5.1025 or newer), which removes the unchecked mapping logic.
  • Restrict the device file permissions so that only privileged processes or the root user can open it, mitigating the read capability for regular users.
  • If the driver is not required for your production environment, disable or uninstall it to remove the attack surface.


Advisories

No advisories yet.

History

Mon, 20 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Title Local Driver Vulnerability Allows Unprivileged Physical Memory Read and Privilege Escalation

Tue, 14 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
References

Fri, 23 Jan 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Ludashi ludashi Driver
CPEs cpe:2.3:a:ludashi:ludashi_driver:*:*:*:*:*:*:*:*
Vendors & Products Ludashi ludashi Driver

Fri, 16 Jan 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared: Ludashi; Ludashi driver
Vendors & Products: Ludashi; Ludashi driver

Thu, 15 Jan 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses: CWE-269, CWE-732
Metrics:
cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 15 Jan 2026 16:00:00 +0000

Type Values Removed Values Added
Description: initial description added (same text as the Description at the top of this page)
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T14:01:51.110Z

Reserved: 2025-12-08T00:00:00.000Z

Link: CVE-2025-67246

Vulnrichment

Updated: 2026-01-15T16:01:39.260Z

NVD

Status: Modified

Published: 2026-01-15T16:16:12.450

Modified: 2026-04-14T15:16:25.140

Link: CVE-2025-67246

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T16:00:10Z

Weaknesses