3 May
2025
3 May
'25
9:40 p.m.
If `KeUserModeCallback` fails, `ret_ptr` and `ret_len` might be left uninitialized. Since the returned status isn't checked in `dispatch_win_proc_params`, it can access uninitialized memory.
* * *
One way this could actually happen is if on x86_64 `KeUserModeCallback` returned `STATUS_STACK_OVERFLOW`.