Out-of-bounds Write Vulnerability in Avast Antivirus Sandbox Driver (aswSnx.sys) due to Time-of-check Time-of-use Race Condition

Updated on 9 November 2023

CVE NUMBER

CVE-2023-5760

SUMMARY

The sandbox driver (aswSnx.sys) in Avast Antivirus contains a vulnerability which could be exploited at the kernel level to perform Local Privilege Escalation, allowing attackers to gain NT AUTHORITY\SYSTEM privileges. 

MITIGATION

The issue was fixed in Avast/AVG Antivirus version 23.9.

CVSSV3 SCORE

8.2

CWE

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

DETAILS

The sandbox driver (aswSnx.sys) is installed as part of the Avast Antivirus software package and provides core functionality for the antivirus.

The vulnerable sandbox driver contains a time-of-check to time-of-use (TOCTOU) bug in its handling of certain IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write, which can be further exploited to gain full local privilege escalation on the system.
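The bug class named above (CWE-367 in a request handler, ending in an out-of-bounds write) is shown below as an added, user-mode C illustration. It is not code from aswSnx.sys, whose internals this advisory does not describe; every name, size and the `race_hook` callback standing in for a second thread are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DST_SIZE 16  /* size of the driver-side destination (constructed) */

/* Constructed request layout; stays in memory the caller can still modify. */
struct request { volatile size_t len; unsigned char data[32]; };
/* Models pool memory: bytes [0,16) are the destination, the rest is adjacent. */
struct pool { unsigned char mem[32]; };
typedef void (*race_hook)(struct request *);  /* stands in for a second thread */
typedef int (*handler_fn)(struct pool *, struct request *, race_hook);

/* Double fetch: len is read once for the check and again for the copy. */
int handle_double_fetch(struct pool *p, struct request *req, race_hook hook) {
    if (req->len > DST_SIZE) return -1;   /* time of check */
    if (hook) hook(req);                  /* window between check and use */
    memcpy(p->mem, req->data, req->len);  /* time of use: second fetch */
    return 0;
}

/* Hardened: fetch once into handler-owned storage, then check and use that. */
int handle_captured(struct pool *p, struct request *req, race_hook hook) {
    size_t len = req->len;                /* single fetch */
    if (len > DST_SIZE) return -1;
    if (hook) hook(req);                  /* later changes no longer matter */
    memcpy(p->mem, req->data, len);
    return 0;
}

/* Constructed concurrent change: the length grows after it was validated. */
void grow_len(struct request *req) { req->len = sizeof req->data; }

/* Returns how many bytes beyond the 16-byte destination were overwritten. */
size_t overflow_bytes(handler_fn handler) {
    struct pool p;
    struct request req;
    size_t i, n = 0;
    memset(p.mem, 0, sizeof p.mem);
    memset(req.data, 0xAA, sizeof req.data);
    req.len = 8;                          /* passes the bounds check */
    handler(&p, &req, grow_len);
    for (i = DST_SIZE; i < sizeof p.mem; i++) n += (p.mem[i] != 0);
    return n;
}

int main(void) {
    printf("double fetch: %zu bytes past destination\n", overflow_bytes(handle_double_fetch));
    printf("captured:     %zu bytes past destination\n", overflow_bytes(handle_captured));
    return 0;
}
```

In a real driver the same fix means copying the caller's input into kernel-owned memory once and validating only that copy.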

RESOLUTION

To remediate the vulnerability, remove all outdated installations of Avast Antivirus and install the latest version of the Avast Antivirus software package.

The latest installation package can be obtained from the Avast website.

Aug 2023 – Vendor Disclosure
8 Nov 2023 – Vendor Patch Release
9 Nov 2023 – Public

CREDIT

Ensign InfoSecurity Labs - Akash Chandrasekaran, Teo Wei Sheng, Eng De Sheng
