CVE-2020-15481
Severity: HIGH
PassMark <9.1, OSForensics <7.1, PerformanceTest <10.0 - RCE
An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the address space of the calling process. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys drivers. This issue is fixed in BurnInTest v9.2, PerformanceTest v10.0 Build 1009, OSForensics v8.0.
References (2)
Exploit, Third Party Advisory (x_refsource_misc): https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15481/CVE-2020-15481.md
Vendor Advisory (x_refsource_misc): https://www.passmark.com/products/performancetest/history.php
Scores
CVSS v3: 7.8
EPSS: 0.0006
EPSS Percentile: 17.9%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status: published
Products (3):
passmark/burnintest 9.1 build_1008
passmark/osforensics 7.1 build_1012
passmark/performancetest 10.0 build_1008
Published: Nov 13, 2020
Tracked Since: Feb 18, 2026