Vulnerability Description
An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PassMark | BurnInTest | <= 9.1 |
| PassMark | OSForensics | <= 7.1 |
| PassMark | PerformanceTest | <= 10.0 |
References
- https://github.com/eset/vulnerability-disclosures (Third Party Advisory)
- https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15480/CVEExploit (Third Party Advisory)
- https://www.passmark.com/forum/index.php (Vendor Advisory)
- https://www.passmark.com/support/index.php (Vendor Advisory)
FAQ
What is CVE-2020-15480?
CVE-2020-15480 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to re...
How severe is CVE-2020-15480?
CVE-2020-15480 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-15480?
Check the references section above for vendor advisories and patch information. Affected products include PassMark BurnInTest, PassMark OSForensics, and PassMark PerformanceTest.