PT-2020-14446 · Passmark · Passmark Burnintest

Michal Poslušný · Published 2020-08-07 · Updated 2020-08-12 · CVE-2020-15479

CVSS v3.1: 8.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PassMark BurnInTest versions through 9.1
OSForensics versions through 7.1
PerformanceTest versions through 10

Description

An issue was discovered that could lead to arbitrary Ring-0 code execution and escalation of privileges due to a buffer overflow. The driver's IOCTL request handler attempts to copy the input buffer onto the stack without checking its size. This affects the DirectIo32.sys and DirectIo64.sys drivers.

Recommendations

For PassMark BurnInTest versions through 9.1, update to a version that fixes the buffer overflow issue in the IOCTL request handler.
For OSForensics versions through 7.1, update to a version that fixes the buffer overflow issue in the IOCTL request handler.
For PerformanceTest versions through 10, update to a version that fixes the buffer overflow issue in the IOCTL request handler.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2020-15479

Affected Products

DirectIo32.sys
DirectIo64.sys
OSForensics
PassMark BurnInTest
PerformanceTest