Vulnerability Details CVE-2020-12446
The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input from and output to I/O ports to local non-privileged users. This leads to privilege escalation to NT AUTHORITY\SYSTEM.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
Products affected by CVE-2020-12446
-
cpe:2.3:a:gskill:trident_z_lighting_control:1.00.02
-
cpe:2.3:a:gskill:trident_z_lighting_control:1.00.03
-
cpe:2.3:a:gskill:trident_z_lighting_control:1.00.07
-
cpe:2.3:a:gskill:trident_z_lighting_control:1.00.08