Skip to main content

SignalRGB EUVDEUVD-2026-37804

| CVE-2026-8050 HIGH
2026-06-17 certcc GHSA-wm74-h69m-r7vv
7.5
CVSS 3.1 · Vendor: certcc
Share

Severity by source

Vendor (certcc) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

IOCTL delivery is inherently local (AV:L), trivially triggered with an empty buffer (AC:L), requires a local handle to the driver typically open to standard users (PR:L), and impact is availability-only kernel crash.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (certcc).

CVSS VectorVendor: certcc

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 18, 2026 - 14:22 vuln.today
CVSS changed
Jun 18, 2026 - 14:22 NVD
7.5 (HIGH)
Patch available
Jun 18, 2026 - 02:01 EUVD
CVE Published
Jun 17, 2026 - 21:05 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it is non-NULL. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, resulting in a kernel crash.

AnalysisAI

Local denial-of-service in the SignalRGB kernel driver (versions prior to 1.3.7.0) allows any process able to open a handle to the driver to crash the Windows kernel by sending an IOCTL with an empty input buffer. Seven of thirteen IOCTL handlers dereference the SystemBuffer pointer without a NULL check, producing a bugcheck (BSOD). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local code execution on host running SignalRGB
Delivery
Open handle to SignalRGB driver device
Exploit
Issue DeviceIoControl with vulnerable IOCTL and empty buffer
Execution
Kernel dereferences NULL SystemBuffer
Impact
Bugcheck and host DoS

Vulnerability AssessmentAI

Exploitation Requires the SignalRGB application (and therefore its kernel driver) to be installed and running on the target Windows host, and the attacker must be able to execute code locally with sufficient rights to call CreateFile/DeviceIoControl against the SignalRGB device object - typically any interactive or service account, since RGB control drivers commonly expose permissive DACLs to non-admin users. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is moderate and bounded to availability: CVSS C:N/I:N/A:H correctly reflects a pure DoS with no information disclosure or code execution, and EPSS (0.14%, 4th percentile) plus absence from CISA KEV indicate no observed exploitation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A low-privileged user on a workstation with SignalRGB installed opens a handle to the SignalRGB driver device with CreateFileW and issues DeviceIoControl using one of the seven vulnerable IOCTL codes with InputBufferLength=0 and lpInBuffer=NULL; the driver dereferences the resulting NULL SystemBuffer in kernel context and the machine immediately bugchecks. Repeated triggering from a startup script or scheduled task produces a persistent boot-loop style DoS on the host. …
Remediation Vendor-released patch: SignalRGB 1.3.7.0 - upgrade all hosts running SignalRGB to 1.3.7.0 or later as documented in CERT/CC VU#380058 (https://kb.cert.org/vuls/id/380058). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory Windows systems with SignalRGB driver installed and identify those running versions prior to 1.3.7.0. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-37804 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy