CVE-2020-15368

Name of the Vulnerable Software and Affected Versions ASRock RGB Driver versions with AsrDrv103.sys (affected versions not specified)

Description The issue is related to the AsrDrv103.sys driver in the ASRock RGB Driver, which does not properly restrict access from user space. This can be demonstrated by triggering a triple fault via a request to zero CR3, potentially allowing an attacker to execute arbitrary code in the Windows kernel. The vulnerability may be exploited by state-sponsored cyber attack tools targeting multiple industrial control systems.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.