Avast/AVG aswRPot.sys Privilege Escalation Vulnerabilities (CVE-2022-26522/26523) with POC

SentinelLabs Summary Report on Vulnerabilities in Avast and AVG Security Software Vulnerability Overview SentinelLabs discovered two high-severity vulnerabilities in the security driver of Avast and AVG (Avast, acquired by Avast in 2016). These vulnerabilities allow attackers to achieve privilege escalation via kernel code execution under non-administrator user privileges, thereby disabling security products, overwriting system components, or performing malicious operations. CVE-2022-26522: Located at . It exploits to obtain the process PEB pointer, then modifies the field via a race condition, leading to a kernel buffer overflow. CVE-2022-26523: Located at . It functions similarly by using a double-fetch of a user-controlled pointer to modify the length field. Impact Scope Affected Products: Avast and AVG Security Software. Affected Users: Millions of users globally (the vulnerabilities were introduced in Avast 12.1 and remained undetected for a long period). Potential Risks: Attackers can exploit these vulnerabilities to bypass security software protections, execute arbitrary code, and even fully take over the device. Remediation Patch Version: The vulnerabilities were fixed in version 22.1. Update Method**: Most users will receive the patch automatically; users with offline or local installations must manually apply the patch as soon as possible. Proof of Concept (POC) Race Condition Trigger Code (Looper thread) Socket Connection Code to Trigger the Vulnerability

Goal Reached Thanks to every supporter — we hit 100%!

Avast/AVG aswRPot.sys Privilege Escalation Vulnerabilities (CVE-2022-26522/26523) with POC