VU#380058: SignalRGB kernel dr... Note

VU#380058: SignalRGB kernel driver contains improper access control and IOCTL vulnerabilities

The SignalRGB kernel driver, SignalIo.sys, contains two critical security vulnerabilities related to improper access control and unsafe memory handling. The driver's device object is created with overly permissive access controls, allowing any local user to interact with privileged hardware operations via input/output control commands. Seven of the driver's IOCTL handlers also suffer from a NULL pointer dereference vulnerability. This occurs because the driver fails to check if a buffer pointer is null before dereferencing it. Sending an IOCTL with an empty input buffer triggers this condition. Exploiting these flaws enables unprivileged users to gain access to sensitive driver functions, including read and write access to PCI configuration space. Furthermore, an authenticated local attacker can intentionally crash the kernel by exploiting the NULL pointer dereference. The SignalRGB driver version 1.3.7.0 has addressed these security weaknesses. Organizations are advised to update to this patched version and implement mitigations for Bring Your Own Vulnerable Driver attacks. These mitigations include restricting administrative privileges and enforcing driver block rules.