CVE-2020-15368

{"id": "CVE-2020-15368", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2020-06-29T21:15:13.917", "references": [{"url": "https://codetector.org/post/asrock_rgb_driver/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/stong/CVE-2020-15368?tab=readme-ov-file", "source": "cve@mitre.org"}, {"url": "https://codetector.org/post/asrock_rgb_driver/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/stong/CVE-2020-15368?tab=readme-ov-file", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3."}, {"lang": "es", "value": "La biblioteca AsrDrv103.sys en el ASRock RGB Driver no restringe apropiadamente el acceso desde el espacio de usuario, como es demostrado al desencadenar un fallo triple por medio de una petici\u00f3n de cero CR3"}], "lastModified": "2024-11-21T05:05:25.637", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asrock:rgb_driver_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "307D23D4-91A6-416D-9714-CD44FB8051D2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asrock:rgb_driver:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FD3312B9-78C8-4AD3-BCDF-B78704471D98"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}