# CVE-2025-52347 Vulnerability Summary ## Vulnerability Overview * **Vulnerability ID**: CVE-2025-52347 * **Vulnerability Name**: Arbitrary Physical Memory Read via IOCTL 0x8011E044 * **Vulnerability Type**: Kernel Driver Vulnerability * **Affected Component**: Kernel driver `"DirectIo64.sys"` * **Technical Details**: This driver is bundled with multiple PassMark products and exposes an IOCTL interface accessible to low-privilege users, including processes with low integrity levels. Specifically, the IOCTL code `0x8011E044` invokes the `ZwMapViewOfSection` API to map physical memory into the user address space. Since the `SectionOffset` parameter passed to `ZwMapViewOfSection` is derived directly from user-controlled input buffers without adequate validation, attackers can specify arbitrary physical memory offsets, thereby enabling the reading of sensitive kernel data. ## Impact Scope * **Affected Products**: * PassMark - BurnInTest * PassMark - OSForensics * PassMark - PerformanceTest * **Affected Versions**: * BurnInTest v11.0 Build 1011 * OSForensics v11.1 Build 1007 * PerformanceTest v11.1 Build 1004 * **Consequences**: * Allows low-privilege attackers to read arbitrary physical memory on affected machines. * Leads to the leakage of sensitive kernel data. * Enables bypassing of KASLR (Kernel Address Space Layout Randomization). * Paves the way for further exploitation, such as Ring-0 code execution and privilege escalation. ## Remediation * This vulnerability has been fixed in the latest versions.