Skip to content
arrow-alt-circle-up icon

Cyber Incident Call

arrow-alt-circle-up icon

00800 1744 0000

arrow-alt-circle-up icon

See all Vulnerability notices

CVE Number

Requested.

CVSS Score

5.5 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

Our reverse engineering team discovered a physical memory read vulnerability in the latest version of ADLINK PXI Platform Services (APPS), version 23.5.526.0, from ADLINK. The vulnerability can be abused for, for example, reading sensitive information from memory.

Impacted Versions

The vulnerable component is ADRMDRVSYS.sys, a kernel driver that the software can talk to. The latest version of driver is 1.12.802.2022. The latest version of the installer is 23.5.526.0. The MD5 hashes are included below.

  • MD5 (installer.exe) = 3845fc4fff04e0f38c2f10f9e2dc8123
  • MD5 (tboflhelper64.sys) = b7b961e5052519435626a417cf612b97

Details

The vulnerability exists in one of the driver’s Input/Output Control Codes (IOCTL’s), namely 0x2234D4. This IOCTL facilitates memory moves by mapping physical memory to the calling user-land process. As the driver is accessible by everyone on the local system, the vulnerability can be abused by low-privileged users to read sensitive data from memory. For example, an attacker may craft an exploit which dumps memory from LSASS, allowing the attacker to read authentication passwords and/or tokens, leading to privilege escalation.

Timeline

  • 11-09-2023 - Initial notice to and request for security contact.
  • 01-02-2024 - Reminder notice to and request for security contact.
  • 05-03-2024 - Reminder notice to and request for security contact.
  • 21-05-2024 - Reminder notice to and request for security contact.
  • 21-05-2024 - First reply from ADLINK security team requesting more information.
  • 21-05-2024 - Sent full vulnerability details to ADLINK security team.
  • 21-08-2024 - Planned public release of CVE and possibly a blog post.

Reference

ADLINK PXI Platform Services (APPS) software: https://www.adlinktech.com/Products/PXI_PXIe_platform/PXI_platform_service/ADLINK_PXI_Platform_Services_(APPS)

Credit

Discovered by Tijme Gommers, Jan-Jaap Korpershoek and Alex Oudenaarden of Northwave Cyber Security.

Disclaimer

Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.