PT-2020-6648 · Asrock · Asrock Rgb Driver

·

CVE-2020-15368

·

Published

2020-06-29

·

Updated

2026-05-28

CVSS v3.1

6.1

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions ASRock RGB Driver versions with AsrDrv103.sys (affected versions not specified)
Description The issue is related to the AsrDrv103.sys driver in the ASRock RGB Driver, which does not properly restrict access from user space. This can be demonstrated by triggering a triple fault via a request to zero CR3, potentially allowing an attacker to execute arbitrary code in the Windows kernel. The vulnerability may be exploited by state-sponsored cyber attack tools targeting multiple industrial control systems.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2022-02305
CVE-2020-15368

Affected Products

Asrock Rgb Driver