Description
In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it is non-NULL. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, resulting in a kernel crash.
Published: 2026-06-17
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In SignalRGB kernel driver versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it is non‑NULL. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, leading to a kernel crash and a system‑wide denial of service. The vulnerability is rated as high‑severity with a CVSS score of 7.5, reflecting the impact on availability.
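The flawed pattern described above, next to a checked version, as an added example that is not SignalRGB's code. It is a user-mode model: `mock_irp`, `led_request` and both handler names are hypothetical stand-ins, since the driver's real structures and IOCTL codes are not given on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* NTSTATUS values as defined in the Windows headers (ntstatus.h). */
#define STATUS_SUCCESS            0x00000000u
#define STATUS_INVALID_PARAMETER  0xC000000Du
#define STATUS_BUFFER_TOO_SMALL   0xC0000023u

/* Hypothetical stand-in for the IRP fields a buffered IOCTL handler reads. */
struct mock_irp {
    void   *system_buffer;  /* models Irp->AssociatedIrp.SystemBuffer */
    size_t  input_len;      /* models the IOCTL's InputBufferLength */
};

/* Hypothetical request layout (assumption, not the driver's). */
struct led_request {
    uint32_t channel;
    uint32_t value;
};

static uint32_t last_value; /* stands in for device state */

/* Flawed pattern: the buffer pointer is used unchecked. When the caller
 * supplies no input, the pointer is NULL and this read faults. */
uint32_t handle_set_led_unchecked(const struct mock_irp *irp)
{
    const struct led_request *req = irp->system_buffer;
    last_value = req->value;
    return STATUS_SUCCESS;
}

/* Checked pattern: reject a missing or short buffer before touching it. */
uint32_t handle_set_led_checked(const struct mock_irp *irp)
{
    struct led_request req;

    if (irp->system_buffer == NULL)
        return STATUS_INVALID_PARAMETER;
    if (irp->input_len < sizeof(req))
        return STATUS_BUFFER_TOO_SMALL;

    memcpy(&req, irp->system_buffer, sizeof(req)); /* copy out before use */
    last_value = req.value;
    return STATUS_SUCCESS;
}
```

The length check matters as much as the NULL check: a non-NULL buffer shorter than the structure would otherwise be read past its end.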

Affected Systems

The vulnerability affects the SignalRGB kernel driver shipped with the SignalRGB application on Windows platforms when the driver version is earlier than 1.3.7.0. Users running these outdated driver files are susceptible; no other operating systems or product versions are listed.

Risk and Exploitability

The EPSS score is below 1%, and the vulnerability is not listed in the CISA KEV catalog, indicating a low likelihood of exploitation in the wild. Based on the description, it is inferred that invoking the vulnerable IOCTLs requires local privileges, as the driver is accessible only to processes with elevated rights. Consequently, the attack vector is local, and the risk is concentrated on systems with the unpatched driver and privileged users or processes.

Generated by OpenCVE AI on June 18, 2026 at 20:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the SignalRGB kernel driver to version 1.3.7.0 or later.
  • If an upgrade is not immediately possible, disable the kernel driver to eliminate the crash vector.
  • Enable kernel panic monitoring to detect and respond to potential denial‑of‑service incidents.

Generated by OpenCVE AI on June 18, 2026 at 20:28 UTC.

Advisories

No advisories yet.

References
History

Thu, 18 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it is non-NULL. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, resulting in a kernel crash.
Title CVE-2026-8050
References

MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-06-18T13:14:31.644Z

Reserved: 2026-05-06T17:40:15.269Z

Link: CVE-2026-8050

Vulnrichment

Updated: 2026-06-18T13:14:15.842Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T20:30:05Z

Weaknesses