CVE-2020-15368 - AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonst

CVE-2020-15368

Summary

AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3.

References

https://codetector.org/post/asrock_rgb_driver/

Vulnerable Configurations

cpe:2.3:o:asrock:rgb_driver_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:asrock:rgb_driver_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:asrock:rgb_driver:-:*:*:*:*:*:*:*
cpe:2.3:h:asrock:rgb_driver:-:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 09-07-2020 - 14:01)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:P/A:N

refmap via4

misc

https://codetector.org/post/asrock_rgb_driver/

Last major update

09-07-2020 - 14:01

Published

29-06-2020 - 21:15

Last modified

09-07-2020 - 14:01