4 matches found
EUVD-2026-37804
In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it is non-NULL. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, resulting in a kernel crash...
CVE-2026-8050
In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it is non-NULL. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, resulting in a kernel crash...
CVE-2026-8049
In SignalRGB versions prior to 1.3.7.0, the \.\SignalIo device object is created without an explicit SDDL security descriptor and without FILEDEVICESECUREOPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issu...
CVE-2026-8050
CVE-2026-8050 affects SignalRGB prior to 1.3.7.0: seven (out of sixteen) IOCTL handlers dereference SystemBuffer without validating non-NULL, causing a NULL pointer dereference and kernel crash when an IOCTL with an empty input buffer is sent. Mitigation is SignalRGB driver update to version 1.3....