Description
STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabling unauthorized processes to perform those actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical third-party services or applications. Unauthorized processes load the driver and send a crafted IOCTL request (0xB822200C) to terminate processes protected by a third-party implementation. This action exploits insufficient caller validation in the driver's IOCTL handler, allowing unauthorized processes to perform termination operations in kernel space. Successful exploitation can lead to denial of service by disrupting critical third-party services or applications.
Published: 2026-04-17
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via kernel‑space process termination
Action: Patch Now
AI Analysis

Impact

The driver's IOCTL handler does not validate its caller, so an IOCTL request can terminate processes that otherwise rely on third‑party protection mechanisms. Because the driver accepts requests without ensuring the caller possesses the required privileges, any process that can load the driver can instruct the kernel to kill a protected process. The effect is a denial of service for the protected processes or applications, potentially crippling critical services. The record classifies the flaw as CWE‑269 (Improper Privilege Management), here in the form of insufficient caller validation in kernel code.

Affected Systems

The impacted product is STProcessMonitor version 11.11.4.0, part of the Safetica Application suite. No other vendor or product information is listed. The flaw exists in the driver that ships with this specific release.

Risk and Exploitability

The vulnerability can be leveraged by any entity capable of loading the vulnerable driver, which may be achieved by an attacker who has local code execution or can elevate to a privileged account. Once the driver is loaded, the crafted IOCTL (0xB822200C) simply instructs the kernel to terminate a protected target, requiring no further authentication. The CVSS score is 5.5, indicating moderate severity, while EPSS data is not available, and the flaw is not listed in CISA's KEV catalog, so the exact exploitation likelihood is unknown. However, the low barrier to exploitation coupled with the severe availability impact yields a high risk for systems that rely on the affected driver.

Generated by OpenCVE AI on April 18, 2026 at 17:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch or upgrade to a later version of STProcessMonitor that removes the unvalidated IOCTL handler.
  • If a patch is unavailable, prevent non‑privileged or untrusted processes from loading the driver by disabling generic driver load mechanisms or re‑firmware signing checks.
  • Configure the operating system to enforce strict IOCTL access control, allowing only privileged or authenticated callers to send the termination command.
  • Set up kernel‑level monitoring or logging for attempts to invoke the 0xB822200C IOCTL to detect malicious activity.
  • Re‑evaluate the need for third‑party protection mechanisms and consider isolating critical services so that driver‑level process termination cannot bring them down.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 17:45:00 +0000

Type | Values Removed | Values Added
Title | | Kernel‑Space Process Termination via Unsanitized IOCTL in Safetica STProcessMonitor

Fri, 17 Apr 2026 21:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Safetica; Safetica stprocessmonitor
Vendors & Products | | Safetica; Safetica stprocessmonitor

Fri, 17 Apr 2026 15:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-269
Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 17 Apr 2026 14:15:00 +0000

Type | Values Removed | Values Added
Description | | STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabling unauthorized processes to perform those actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical third-party services or applications. Unauthorized processes load the driver and send a crafted IOCTL request (0xB822200C) to terminate processes protected by a third-party implementation. This action exploits insufficient caller validation in the driver's IOCTL handler, allowing unauthorized processes to perform termination operations in kernel space. Successful exploitation can lead to denial of service by disrupting critical third-party services or applications.

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-17T14:58:56.485Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-70795

Vulnrichment

Updated: 2026-04-17T14:56:15.535Z

NVD

Status: Awaiting Analysis

Published: 2026-04-17T14:16:33.373

Modified: 2026-04-17T15:38:09.243

Link: CVE-2025-70795

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T17:30:05Z
