CVE-2026-8049: CWE-284 in SignalRGB SignalRGB kernel driver
SignalRGB kernel driver versions prior to 1.3.7.0 create the \\.\SignalIo device object without an explicit security descriptor and without FILE_DEVICE_SECURE_OPEN. This misconfiguration results in overly permissive default access control, allowing any authenticated local user to open a handle to the device and issue privileged IOCTL commands.
AI Analysis
Technical Summary
The SignalRGB kernel driver in versions before 1.3.7.0 lacks proper access control on its device object \\.\SignalIo. Specifically, it does not set an explicit Security Descriptor Definition Language (SDDL) security descriptor nor use the FILE_DEVICE_SECURE_OPEN flag. Consequently, any authenticated local user can obtain a handle to this device and send privileged IOCTL requests, potentially leading to unauthorized privileged operations. This vulnerability is categorized under CWE-284 (Improper Access Control). No CVSS score or vendor remediation details are currently provided.
Potential Impact
Any authenticated local user can access the vulnerable device object and issue privileged IOCTL commands, which may allow unauthorized privileged operations within the kernel driver context. This could lead to privilege escalation or unauthorized control over device functions, depending on the IOCTL implementation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://kb.cert.org/vuls/id/380058 for current remediation guidance. Until a fix is available, restrict local user access to the system to trusted users only. Monitor the vendor advisory for updates on official patches or mitigations.
CVE-2026-8049: CWE-284 in SignalRGB SignalRGB kernel driver
Description
SignalRGB kernel driver versions prior to 1.3.7.0 create the \\.\SignalIo device object without an explicit security descriptor and without FILE_DEVICE_SECURE_OPEN. This misconfiguration results in overly permissive default access control, allowing any authenticated local user to open a handle to the device and issue privileged IOCTL commands.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The SignalRGB kernel driver in versions before 1.3.7.0 lacks proper access control on its device object \\.\SignalIo. Specifically, it does not set an explicit Security Descriptor Definition Language (SDDL) security descriptor nor use the FILE_DEVICE_SECURE_OPEN flag. Consequently, any authenticated local user can obtain a handle to this device and send privileged IOCTL requests, potentially leading to unauthorized privileged operations. This vulnerability is categorized under CWE-284 (Improper Access Control). No CVSS score or vendor remediation details are currently provided.
Potential Impact
Any authenticated local user can access the vulnerable device object and issue privileged IOCTL commands, which may allow unauthorized privileged operations within the kernel driver context. This could lead to privilege escalation or unauthorized control over device functions, depending on the IOCTL implementation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://kb.cert.org/vuls/id/380058 for current remediation guidance. Until a fix is available, restrict local user access to the system to trusted users only. Monitor the vendor advisory for updates on official patches or mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- certcc
- Date Reserved
- 2026-05-06T17:40:03.996Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://kb.cert.org/vuls/id/380058","vendor":"CERT"}]
Threat ID: 6a33168ef198dc38c1148dd9
Added to database: 6/17/2026, 9:50:06 PM
Last enriched: 6/17/2026, 10:05:53 PM
Last updated: 6/17/2026, 10:54:51 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.