| tiêu đề | QILING Disk Master Kernel Driver diskbckp.sys 6, 0, 0, 0 Local Privilege Escapation |
|---|
| Mô tả | QILING Disk Master Free ships a kernel driver, diskbckp.sys, that exposes the device \\.\diskbakdrv1 to a standard local user. A non-administrative user can open that device, attach a disk context, and issue an IOCTL that writes caller-controlled bytes to a selected raw disk offset.
The proof below uses only a temporary VHD and an administrator-only test file. The standard user cannot read or open the protected file for write through normal Windows file APIs, and cannot open the raw disk after the test volume is dismounted. The same user can still overwrite the file's raw NTFS clusters through the vendor driver.
An unprivileged user can exploit arbitrary read/write primitives over protected file resources to achieve local privilege escalation. |
|---|
| Nguồn | ⚠️ https://winslow1984.com/books/cve-collection/page/qiling-disk-master-kernel-driver-diskbckpsys-6-0-0-0-local-privilege-escalation |
|---|
| Người dùng | winslow1984 (UID 79140) |
|---|
| Đệ trình | 22/05/2026 07:34 (cách đây 2 các tháng) |
|---|
| Kiểm duyệt | 11/07/2026 11:44 (2 months later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 377781 [QILING Disk Master 6.0.0.0 Kernel Driver diskbckp.sys nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|