Driver details:
SHA256, EV certificate, full of bugs and vulnerabilities.
Dedicated previous CVE IDs: CVE-2020-15481, CVE-2020-15480
CVE vendor response:
CVE-2020-15480, Ban LSTAR and SYSENTER_EIP_MSR from readmsr IOCTL.
CVE-2020-15481, disputable CVE: when loaded with PassMark software, the DirectIO driver device, despite having the default SD, will be created with DO_EXCLUSIVE object flags, thus it won't allow multiple handles and a potential PoC won't work unless they somehow got into the PassMark program address space, which requires elevation or another exploit. PassMark addressed this by regenerating the IOCTL values and leaving everything as is.
Demo for references, https://gist.github.com/hfiref0x/33985b7694c06bc8ee6d8385efadb85e
PassMark DirectIO mapping routines for reference https://gist.github.com/hfiref0x/fb822ab89c9f10c46deb172c961ce7bf