Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code

The product defines an IOCTL that uses METHOD_NEITHER for I/O, but it does not validate or incorrectly validates the addresses that are provided.

  • Source

    CWE Catalog - 4.12

  • Identifier

    CWE-781

  • Status

    Draft

Contents

Description

When an IOCTL uses the METHOD_NEITHER option for I/O control, it is the responsibility of the IOCTL to validate the addresses that have been supplied to it. If validation is missing or incorrect, attackers can supply arbitrary memory addresses, leading to code execution or a denial of service.

See Also

Comprehensive Categorization: Improper Input Validation

Weaknesses in this category are related to improper input validation.

Comprehensive CWE Dictionary

This view (slice) covers all the elements in CWE.

Weaknesses Introduced During Implementation

This view (slice) lists weaknesses that can be introduced during implementation.

Weaknesses in Software Written in C++

This view (slice) covers issues that are found in C++ programs that are not common to all languages.

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.