ASA-2018-00007 – ASRock: Drivers allow non-privileged user arbitrary access to control registers


Allele Security Alert

ASA-2018-00007

Identifier(s)

ASA-2018-00007, CVE-2018-10709, CORE-2018-0005

Title

Drivers allow non-privileged user arbitrary access to CRs (Control Registers)

Vendor(s)

ASRock

Product(s)

ASRock RGBLED
A-Tuning
F-Stream
RestartToUEFI

Affected version(s)

The vulnerability described in this alert affects the drivers AsrDrv101.sys and AsrDrv102.sys. They are installed by the following ASRock utilities:

ASRock RGBLED before v1.0.35.1
A-Tuning before v3.0.210
F-Stream before v3.0.210
RestartToUEFI before v1.0.6.2

Fixed version(s)

ASRock RGBLED v1.0.36
A-Tuning v3.0.216
F-Stream v3.0.216
RestartToUEFI v1.0.7
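
The affected and fixed version lists above can be applied to a software inventory as follows. This is an added example, not code from the alert or from ASRock; the record layout, host names and the "OtherTool" product are assumptions, and SAMPLE is constructed data. For ASRock RGBLED the alert lists "before v1.0.35.1" as affected and v1.0.36 as fixed, so releases between those two thresholds are reported as "unlisted" rather than guessed.

```python
# Added example, not part of the alert. Thresholds and driver names are
# copied from the alert; SAMPLE is constructed inventory data.
ADVISORY = {  # product: (affected if below, fixed from)
    "ASRock RGBLED": ("1.0.35.1", "1.0.36"),
    "A-Tuning": ("3.0.210", "3.0.216"),
    "F-Stream": ("3.0.210", "3.0.216"),
    "RestartToUEFI": ("1.0.6.2", "1.0.7"),
}
DRIVERS = {"asrdrv101.sys", "asrdrv102.sys"}

def parse_version(text):
    """Turn 'v1.0.35.1' into (1, 0, 35, 1); trailing zeros are dropped."""
    parts = [int(p) for p in text.strip().lstrip("vV").split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()  # so 1.0.7.0 compares equal to 1.0.7
    return tuple(parts)

def classify(product, version):
    """Return 'affected', 'fixed', 'unlisted' or 'not-covered'."""
    if product not in ADVISORY:
        return "not-covered"
    affected_below, fixed_from = map(parse_version, ADVISORY[product])
    v = parse_version(version)
    if v < affected_below:
        return "affected"
    if v >= fixed_from:
        return "fixed"
    return "unlisted"  # the alert is silent on releases in between

def triage(records):
    """Return rows needing review from (host, product, version, files)."""
    findings = []
    for host, product, version, files in records:
        status = classify(product, version)
        present = sorted(f for f in files if f.lower() in DRIVERS)
        # Also surface a named driver found without a listed utility.
        if status in ("affected", "unlisted") or (status == "not-covered" and present):
            findings.append((host, product, status, present))
    return findings

SAMPLE = [  # constructed records
    ("ws-01", "A-Tuning", "v3.0.209", ["AsrDrv101.sys"]),
    ("ws-02", "ASRock RGBLED", "1.0.35.1", ["AsrDrv102.sys"]),
    ("ws-03", "RestartToUEFI", "1.0.7.0", []),
    ("ws-04", "OtherTool", "2.1", ["AsrDrv101.sys"]),
]
if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```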

Proof of concept

Yes

Description

The affected drivers expose access to the CPU's control registers to a non-privileged user through the ioctl() system call. The ioctl arguments are 0x22286C and 0x222870.

The control registers are registers in the CPU that control its general behaviour, and exposing access to them allows an attacker to totally control the CPU. Attackers can abuse this in several ways to achieve privilege escalation, information leakage and denial of service, including but not limited to bypassing mitigations and protections imposed by the operating system.

Technical details

Unknown

Credits

Diego Juarez (SecureAuth) and Leandro Cuozzo (SecureAuth)

Reference(s)

ASRock Drivers Elevation of Privilege Vulnerabilities
https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities

[FD] [CORE-2018-0005] – ASRock Drivers Elevation of Privilege Vulnerabilities
https://lists.openwall.net/full-disclosure/2018/10/26/1

CVE-2018-10709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10709

CVE-2018-10709
https://nvd.nist.gov/vuln/detail/CVE-2018-10709

If there is any error in this alert, or if you would like a comprehensive analysis, let us know.

Last modified: February 3, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.