CVE-2020-15368

MEDIUM EXPLOITED

ASRock RGB Driver - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2020-15368 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including stong, R7flex.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2020-15368, targeting a vulnerable Asrock driver that allows arbitrary kernel code execution. The exploit demonstrates manual mapping of a driver and leveraging the vulnerable IOCTL to execute arbitrary payloads in kernel mode.

Description

AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3.

Exploits (3)

nomisec WORKING POC 505 stars
by stong · local
https://github.com/stong/CVE-2020-15368

This repository contains a proof-of-concept exploit for CVE-2020-15368, targeting a vulnerable Asrock driver that allows arbitrary kernel code execution. The exploit demonstrates manual mapping of a driver and leveraging the vulnerable IOCTL to execute arbitrary payloads in kernel mode.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Asrock RGB controller driver (repackaged rweverything driver)
Auth required
Prerequisites: Administrative privileges to load the driver · Vulnerable Asrock driver installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 9 stars
by R7flex · local
https://github.com/R7flex/asrockploit

This is a proof-of-concept exploit for CVE-2020-15368, targeting ASRock motherboard drivers. The exploit leverages a vulnerability in the driver to achieve local privilege escalation (LPE) by manipulating kernel memory and executing arbitrary code in kernel mode.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: ASRock motherboard drivers (likely asrdrv107.sys)
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable ASRock driver
devstral-2 · analyzed Feb 16, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/hfiref0x/KDU

KDU is a kernel driver utility that exploits vulnerable drivers to bypass security mechanisms like Driver Signature Enforcement (DSE) and Protected Process Light (PPL). It provides functionality to load unsigned drivers, modify process protections, and dump process memory by leveraging known vulnerable drivers from various vendors.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Windows Kernel (7/8/8.1/10/11)
Auth required
Prerequisites: Administrative privileges · Presence of a vulnerable driver from the supported list
devstral-2 · analyzed Feb 25, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 5.5
EPSS 0.0373
EPSS Percentile 88.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2022-04-13
CWE
CWE-269
Status published
Products (1)
asrock/rgb_driver_firmware
Published Jun 29, 2020
Tracked Since Feb 18, 2026