ASA-2018-00097 – ASUS: Driver allows non-privileged user access to MSR register

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2018-00097

Identifier(s)

ASA-2018-00097, CORE-2017-0012, CVE-2018-18535

Title

Driver allows non-privileged user access to MSR register

Vendor(s)

ASUS

Product(s)

ASUS Aura Sync

Affected version(s)

ASUS Aura Sync v1.07.22 and previous versions

Fixed version(s)

Unknown

Proof of concept

Yes

Description

Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges.

Technical details

Asusgio exposes a functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.

Credits

Diego Juarez (SecureAuth) and Leandro Cuozzo (SecureAuth)

Reference(s)

ASUS Drivers Elevation of Privilege Vulnerabilities
https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities

[CORE-2017-0012] – ASUS Drivers Elevation of Privilege Vulnerabilities
https://seclists.org/fulldisclosure/2018/Dec/34

CVE-2018-18535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18535

CVE-2018-18535
https://nvd.nist.gov/vuln/detail/CVE-2018-18535

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: February 3, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.