CVE-2025-67246 LuDaShi Driver Arbitrary Memory Read Vulnerability and POC

Here is the key information regarding CVE-2025-67246: Vulnerability Title: LuDaShi Improper Access Control Affected Versions: Less than 6.1026.4505.112 Discovery Date: December 2, 2025 Discoverer: ZhouRui Vulnerability Analysis: - LuDaShi is a well-known freeware system utility software that provides free hardware authentication, computer (mobile phone) stability assurance, and system performance enhancement. - The ComputerZ_x64.sys driver included in LuDaShi and its related system products (such as system performance optimization and system performance monitoring) contains functionality that can read data from the lower 4GB of kernel address space. - This driver exposes an IOCTL interface (0xF1002508) to user space. When processing input parameters provided by the user, it does not adequately validate the memory address being passed. A user-space process can send arbitrary lower 4GB address values to the driver via this interface. The driver then reads physical memory content at the specified address and returns the result to the user-space caller. Due to the lack of effective access control checks on this address parameter, attackers can exploit it to read system memory regions that are normally inaccessible through the kernel virtual address space, leading to sensitive information disclosure. - This issue allows a local administrator to gain access to system memory data simply by loading the vulnerable driver, thereby compromising the operating system's memory access isolation mechanism. Driver Application Layer: - Provides application-layer symbolic links to the device object (ComputerZ). - The IOCTL handling is implemented in the sub-function sub_11008. Example Code: - When IoControlCode is 0xF1002508, the following code is executed. It maps arbitrary kernel addresses within the lower 4GB to the application layer using MmMapIoSpace. Attackers can construct proof-of-concept (POC) code to read arbitrary amounts of data from any physical address in the lower 4GB and return it to the application layer. Attack Impact: - Load the vulnerable driver and run the POC code from this repository. The attack effect is as follows. In this example, I attempt to read 8 bytes of data from physical address 0xF0000, but the amount of data read can be arbitrary.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-67246 LuDaShi Driver Arbitrary Memory Read Vulnerability and POC

More from this source