Description
An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver's IOCTL request handler attempts to copy the input buffer onto the stack without checking its size and can cause a buffer overflow. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://github.com/eset/vulnerability-disclosures
Vendor Advisory x_refsource_misc
https://www.passmark.com/forum/index.php
Vendor Advisory x_refsource_misc
https://www.passmark.com/support/index.php
Exploit, Third Party Advisory x_refsource_misc
https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15479/CVE-2020-15479.md
Scores
CVSS v3
8.8
EPSS
0.0009
EPSS Percentile
24.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-120
Status
published
Products (3)
passmark/burnintest
< 9.1
passmark/osforensics
< 7.1
passmark/performancetest
< 10.0
Published
Aug 07, 2020
Tracked Since
Feb 18, 2026