Description
An issue in the component DirectIo64.sys of PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004 allows attackers to access kernel memory and escalate privileges via a crafted IOCTL 0x8011E044 call.
Published: 2026-05-01
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the DirectIo64.sys component used by PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004. By sending the IOCTL code 0x8011E044 with an attacker‑constructed payload, an adversary can read arbitrary kernel memory and gain elevated privileges on the affected system. This capability enables full system compromise, including the ability to modify critical settings, install malware, or pivot to other hosts.

Affected Systems

The flaw impacts Windows systems running the listed versions of PassMark BurnInTest, OSForensics, and PerformanceTest, specifically the DirectIo64.sys driver. No additional vendors or versions are known from the current CNA data.

Risk and Exploitability

The vulnerability enables uncontrolled kernel memory access and privilege escalation, which are high‑severity consequences. The CVSS score of 7.8 reflects this severity. Although EPSS data is unavailable and the issue is not listed in CISA KEV, the nature of the flaw suggests it is actionable and could be exploited by attackers with sufficient access to trigger the vulnerable IOCTL. The potential attack vector is local or remote depending on how the affected tools are accessed, but the impact remains severe regardless of the vector.

Generated by OpenCVE AI on May 2, 2026 at 10:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • If the DirectIo64.sys driver is not required, uninstall PassMark BurnInTest, OSForensics, or PerformanceTest to remove the vulnerability.
  • Apply any official patch or newer release from the vendors when it becomes available; verify the new build does not contain DirectIo64.sys.
  • Temporarily disable the DirectIo64.sys driver by moving or blocking the driver file until a patch is released.

Generated by OpenCVE AI on May 2, 2026 at 10:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Osforensics
Osforensics osforensics
Passmark
Passmark burnintest
Passmark performancetest
Vendors & Products Osforensics
Osforensics osforensics
Passmark
Passmark burnintest
Passmark performancetest

Sat, 02 May 2026 11:00:00 +0000

Type Values Removed Values Added
Title Kernel memory read and privilege escalation via crafted IOCTL in PassMark and OSForensics drivers

Fri, 01 May 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
CWE-269
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 01 May 2026 18:45:00 +0000

Type Values Removed Values Added
Description An issue in the component DirectIo64.sys of PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004 allows attackers to access kernel memory and escalate privileges via a crafted IOCTL 0x8011E044 call.
References

Subscriptions

Osforensics Osforensics
Passmark Burnintest Performancetest
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-01T18:55:51.319Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-52347

cve-icon Vulnrichment

Updated: 2026-05-01T18:53:33.519Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-01T19:16:28.113

Modified: 2026-05-07T15:53:49.717

Link: CVE-2025-52347

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T19:45:12Z

Weaknesses