The kernel driver KmxFw.sys shipped with various CA products contains a vulnerability in the code that handles IOCTL requests. Exploitation of this vulnerability can result in local denial of service attacks and local execution of arbitrary code.
93703348034f1b4025f82f9365b813c7c87d326073fb65b2fddfd9ba7c13b52b
The Computer Associates Host-Based Intrusion Prevention System SDK contains two vulnerabilities that can allow an attacker to cause a denial of service or possibly execute arbitrary code. CA has issued updates to address the vulnerabilities. The first vulnerability occurs due to insufficient verification of IOCTL requests by the kmxfw.sys driver. A local attacker can send an IOCTL request that can cause a system crash or potentially result in arbitrary code execution. The second vulnerability occurs due to insufficient validation by the kmxfw.sys driver. An attacker can make a request that can cause a system crash.
985be0e793f4ac4d6d9e3779bf5ca6b54567e5ea355a83dec5b7ae1dbd4feee5