Updated on 9 November 2023
CVE-2023-5760
The sandbox driver (aswSnx.sys) in Avast Antivirus contains a vulnerability which could be exploited at the kernel level to perform Local Privilege Escalation, allowing attackers to gain NT AUTHORITY\SYSTEM privileges.
The issue was fixed with Avast/AVG Antivirus version 23.9
8.2
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
The sandbox driver (aswSnx.sys) is installed as part of the Avast Antivirus software package providing core functionalities for the antivirus.
The vulnerable sandbox driver contains a time-of-check to time-of-use (TOCTOU) bug in handling of certain IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system.
To remediate the vulnerability, remove all outdated installation of Avast Antivirus and install the latest version of Avast Antivirus software package.
The latest installation package can be obtained from the Avast Website.
Aug 2023 – Vendor Disclosure
8 Nov 2023 – Vendor Patch Release
9 Nov 2023 – Public
Ensign InfoSecurity Labs - Akash Chandrasekaran, Teo Wei Sheng, Eng De Sheng
NVD-CVE Details
NVD - CVE-2023-5760 (nist.gov)
Norton Security Advisories (refer to CVE-2023-5760)
https://support.norton.com/sp/static/external/tools/security-advisories.html