Allele Security Alert
ASA-2018-00008, CVE-2018-10710, CORE-2018-0005
Drivers allow non-privileged user arbitrary physical memory read/write
The vulnerability described in this alert affects the drivers AsrDrv101.sys and AsrDrv102.sys. They are installed by the following ASRock utilities:
ASRock RGBLED before v126.96.36.199
A-Tuning before v3.0.210
F-Stream before v3.0.210
RestartToUEFI before v188.8.131.52
ASRock RGBLED v1.0.36
Proof of concept
The drivers affected expose to a non-privileged user arbitrary access to physical memory through ioctl() system call. The ioctl argument for writing to physical memory is 0x22280C.
Access to physical memory allows an attacker to directly tinker with the system and take advantage in several ways. This vulnerability allows an attacker to achieve privilege escalation, information leakage, denial of service and not limited to bypassing of mitigations and protections imposed by operating system.
Diego Juarez (SecureAuth) and Leandro Cuozzo (SecureAuth)
ASRock Drivers Elevation of Privilege Vulnerabilities
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: February 3, 2019