CVE-2022-26523

Severity CVSS v4.0:

Pending analysis

Type:

CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

Publication date:

08/05/2026

Last modified:

08/05/2026

Description

The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) due to a double fetch vulnerability at aswArPot+0xbb94.

Impact

Vector 3.x

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS v3.1 Severity and Metrics:

Base Score: 5.30 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low

Base Score 3.x

5.30

Severity 3.x

MEDIUM

References to Advisories, Solutions, and Tools

https://www.avast.com/bug-bounty
https://www.sentinelone.com/labs/vulnerabilities-in-avast-and-avg-put-millions-at-risk/