The product defines an IOCTL that uses METHOD_NEITHER for I/O, but it does not validate or incorrectly validates the addresses that are provided.

What are the consequences of CWE-781?

Exploiting CWE-781 can lead to: Modify Memory, Read Memory, Execute Unauthorized Code or Commands, DoS: Crash, Exit, or Restart.

CWE-781: Improper Address Validation in IOCTL with METHOD

How to prevent it

Practical mitigations for CWE-781, grouped by where in the lifecycle they apply.

Implementation

If METHOD_NEITHER is required for the IOCTL, then ensure that all user-space addresses are properly validated before they are first accessed. The ProbeForRead and ProbeForWrite routines are available for this task. Also properly protect and manage the user-supplied buffers, since the I/O Manager does not do this when METHOD_NEITHER is being used. See References.

Architecture and Design

If possible, avoid using METHOD_NEITHER in the IOCTL and select methods that effectively control the buffer size, such as METHOD_BUFFERED, METHOD_IN_DIRECT, or METHOD_OUT_DIRECT.

Architecture and Design

Implementation

If the IOCTL is part of a driver that is only intended to be accessed by trusted users, then use proper access control for the associated device or device namespace. See References.

How to prevent it

CWE-781: Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Illustrative examples

Frequently asked questions

What is CWE-781?

How do you prevent CWE-781?

What are the consequences of CWE-781?

References

Stay ahead of CWE-781

How to prevent it

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Illustrative examples

Related weaknesses

Parent

Can precede

Related

Frequently asked questions

What is CWE-781?

How do you prevent CWE-781?

What are the consequences of CWE-781?

References

Stay ahead of CWE-781