提交 #835610: QILING Disk Master Kernel Driver diskbckp.sys 6, 0, 0, 0 Local Privilege Escapation信息

标题QILING Disk Master Kernel Driver diskbckp.sys 6, 0, 0, 0 Local Privilege Escapation
描述QILING Disk Master Free ships a kernel driver, diskbckp.sys, that exposes the device \\.\diskbakdrv1 to a standard local user. A non-administrative user can open that device, attach a disk context, and issue an IOCTL that writes caller-controlled bytes to a selected raw disk offset. The proof below uses only a temporary VHD and an administrator-only test file. The standard user cannot read or open the protected file for write through normal Windows file APIs, and cannot open the raw disk after the test volume is dismounted. The same user can still overwrite the file's raw NTFS clusters through the vendor driver. An unprivileged user can exploit arbitrary read/write primitives over protected file resources to achieve local privilege escalation.
来源⚠️ https://winslow1984.com/books/cve-collection/page/qiling-disk-master-kernel-driver-diskbckpsys-6-0-0-0-local-privilege-escalation
用户
 winslow1984 (UID 79140)
提交2026-05-22 07時34分 (2 月前)
管理2026-07-11 11時44分 (2 months later)
状态已接受
VulDB条目377781 [QILING Disk Master 6.0.0.0 Kernel Driver diskbckp.sys 权限提升]
积分20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!