PT-2020-14448 · PassMark · PassMark BurnInTest
Michal Poslušný · Published 2020-11-13 · Updated 2020-12-03 · CVE-2020-15481
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PassMark BurnInTest version 9.1 Build 1008
OSForensics version 7.1 Build 1012
PerformanceTest version 10.0 Build 1008
Description
An issue in the DirectIo32.sys and DirectIo64.sys kernel drivers allows low-privilege users to map arbitrary physical memory into the address space of the calling process through the drivers' IOCTL functionality. This could lead to arbitrary Ring-0 code execution and escalation of privileges.
Recommendations
For PassMark BurnInTest version 9.1 Build 1008, update to BurnInTest v9.2.
For OSForensics version 7.1 Build 1012, update to OSForensics v8.0.
For PerformanceTest version 10.0 Build 1008, update to PerformanceTest v10.0 Build 1009.
Affected Products
DirectIo32.sys
DirectIo64.sys
OSForensics
PassMark BurnInTest
PerformanceTest