Ghostwire

CVE-2022-26523: The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local...

HIGH CVSS 7.5

Published: May 8, 2026 | Last Modified: May 8, 2026

Description

The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) due to a double fetch vulnerability at aswArPot+0xbb94.

Ghostwire Analysis — What This Means Practically

High CVSS score indicates significant risk — exploitation could lead to substantial data exposure or system compromise.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (2 articles)

References

www.tenable.com/cve/CVE-2022-26523
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2022-26523
www.avast.com/bug-bounty
www.sentinelone.com/labs/vulnerabilities-in-avast-and-avg-put-millions-at-risk/
nvd.nist.gov/vuln/detail/CVE-2022-26523