Soumettre #835610: QILING Disk Master Kernel Driver diskbckp.sys 6, 0, 0, 0 Local Privilege Escapationinformation

TitreQILING Disk Master Kernel Driver diskbckp.sys 6, 0, 0, 0 Local Privilege Escapation
DescriptionQILING Disk Master Free ships a kernel driver, diskbckp.sys, that exposes the device \\.\diskbakdrv1 to a standard local user. A non-administrative user can open that device, attach a disk context, and issue an IOCTL that writes caller-controlled bytes to a selected raw disk offset. The proof below uses only a temporary VHD and an administrator-only test file. The standard user cannot read or open the protected file for write through normal Windows file APIs, and cannot open the raw disk after the test volume is dismounted. The same user can still overwrite the file's raw NTFS clusters through the vendor driver. An unprivileged user can exploit arbitrary read/write primitives over protected file resources to achieve local privilege escalation.
La source⚠️ https://winslow1984.com/books/cve-collection/page/qiling-disk-master-kernel-driver-diskbckpsys-6-0-0-0-local-privilege-escalation
Utilisateur
 winslow1984 (UID 79140)
Soumission22/05/2026 07:34 (il y a 2 mois)
Modérer11/07/2026 11:44 (2 months later)
StatutAccepté
Entrée VulDB377781 [QILING Disk Master 6.0.0.0 Kernel Driver diskbckp.sys élévation de privilèges]
Points20

Want to know what is going to be exploited?

We predict KEV entries!