PT-2020-14447 · Passmark · Passmark Burnintest+4

Michal Poslušný

Published

2020-08-07

Updated

2022-05-03

CVE-2020-15480

CVSS v3.1

8.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PassMark BurnInTest versions through 9.1 OSForensics versions through 7.1 PerformanceTest versions through 10

Description An issue was discovered that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs) through the kernel driver's IOCTL functionality. This could lead to arbitrary Ring-0 code execution and escalation of privileges, affecting the DirectIo32.sys and DirectIo64.sys drivers.

Recommendations For PassMark BurnInTest versions through 9.1, update to a version that fixes the issue with the DirectIo32.sys and DirectIo64.sys drivers. For OSForensics versions through 7.1, update to a version that fixes the issue with the DirectIo32.sys and DirectIo64.sys drivers. For PerformanceTest versions through 10, update to a version that fixes the issue with the DirectIo32.sys and DirectIo64.sys drivers.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-15480

Affected Products

Directio32.Sys

Directio64.Sys

Osforensics

Passmark Burnintest

Performancetest

PT-2020-14447 · Passmark · Passmark Burnintest+4

CVE-2020-15480

Related Identifiers

Affected Products

References · 6