CVE-2022-26523

MEDIUM

5.3

Descripcion

The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) due to a double fetch vulnerability at aswArPot+0xbb94.

Detalles CVE

Puntuacion CVSS v3.15.3

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vector de ataqueLOCAL

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado5/8/2026

Ultima modificacion5/8/2026

Fuentenvd

Avistamientos honeypot0

Debilidades (CWE)

CWE-400

Referencias

https://www.avast.com/bug-bounty(cve@mitre.org)

https://www.sentinelone.com/labs/vulnerabilities-in-avast-and-avg-put-millions-at-risk/(cve@mitre.org)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.