Vulnerability Description
An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver's IOCTL request handler attempts to copy the input buffer onto the stack without checking its size and can cause a buffer overflow. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Passmark | Burnintest | <= 9.1 |
| Passmark | Osforensics | <= 7.1 |
| Passmark | Performancetest | <= 10.0 |
Related Weaknesses (CWE)
References
- https://github.com/eset/vulnerability-disclosuresThird Party Advisory
- https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15479/CVEExploitThird Party Advisory
- https://www.passmark.com/forum/index.phpVendor Advisory
- https://www.passmark.com/support/index.phpVendor Advisory
- https://github.com/eset/vulnerability-disclosuresThird Party Advisory
- https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15479/CVEExploitThird Party Advisory
- https://www.passmark.com/forum/index.phpVendor Advisory
- https://www.passmark.com/support/index.phpVendor Advisory
FAQ
What is CVE-2020-15479?
CVE-2020-15479 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver's IOCTL request handler attempts to copy the input buffer onto the stack...
How severe is CVE-2020-15479?
CVE-2020-15479 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-15479?
Check the references section above for vendor advisories and patch information. Affected products include: Passmark Burnintest, Passmark Osforensics, Passmark Performancetest.