Skip to main content

Signalrgb Kernel Driver

2 CVEs product

Monthly

CVE-2026-8050 HIGH PATCH This Week

Local denial-of-service in the SignalRGB kernel driver (versions prior to 1.3.7.0) allows any process able to open a handle to the driver to crash the Windows kernel by sending an IOCTL with an empty input buffer. Seven of thirteen IOCTL handlers dereference the SystemBuffer pointer without a NULL check, producing a bugcheck (BSOD). No public exploit identified at time of analysis, EPSS is 0.14%, and a vendor patch is available.

Denial Of Service Signalrgb Kernel Driver
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-8049 MEDIUM PATCH This Month

Overly permissive access control on the SignalRGB kernel driver's device object exposes privileged IOCTL operations to any authenticated local user on Windows systems running versions prior to 1.3.7.0. The root cause is that the `\\.\SignalIo` device object is created without an explicit SDDL security descriptor and without the `FILE_DEVICE_SECURE_OPEN` flag, causing Windows to apply insecure default access controls. No public exploit or active exploitation has been identified at time of analysis; the EPSS score of 0.13% at the 3rd percentile reflects very low observed exploitation probability.

Information Disclosure Signalrgb Kernel Driver
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Local denial-of-service in the SignalRGB kernel driver (versions prior to 1.3.7.0) allows any process able to open a handle to the driver to crash the Windows kernel by sending an IOCTL with an empty input buffer. Seven of thirteen IOCTL handlers dereference the SystemBuffer pointer without a NULL check, producing a bugcheck (BSOD). No public exploit identified at time of analysis, EPSS is 0.14%, and a vendor patch is available.

Denial Of Service Signalrgb Kernel Driver
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Overly permissive access control on the SignalRGB kernel driver's device object exposes privileged IOCTL operations to any authenticated local user on Windows systems running versions prior to 1.3.7.0. The root cause is that the `\\.\SignalIo` device object is created without an explicit SDDL security descriptor and without the `FILE_DEVICE_SECURE_OPEN` flag, causing Windows to apply insecure default access controls. No public exploit or active exploitation has been identified at time of analysis; the EPSS score of 0.13% at the 3rd percentile reflects very low observed exploitation probability.

Information Disclosure Signalrgb Kernel Driver
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy