Remote code execution

2020-08-0721:15:00

PRIOn knowledge base

www.prio-n.com

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.6%

JSON

An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys.

CPENameOperatorVersion
burnintestle9.1
osforensicsle7.1
performancetestle10.0

Name	Operator	Version
burnintest	le	9.1
osforensics	le	7.1
performancetest	le	10.0

References

github.com/eset/vulnerability-disclosures

github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15480/CVE-2020-15480.md

www.passmark.com/forum/index.php

www.passmark.com/support/index.php