ASA-2018-00099 – Gigabyte: Drivers allow non-privileged user access to port mapped I/O

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2018-00099

Identifier(s)

ASA-2018-00099, CORE-2018-0007, CVE-2018-19322

Title

Driver allow non-privileged user access to port mapped I/O

Vendor(s)

Gigabyte

Product(s)

GIGABYTE APP Center
AORUS GRAPHICS ENGINE
XTREME GAMING ENGINE
OC GURU II

Affected version(s)

GIGABYTE APP Center v1.05.21 and previous
AORUS GRAPHICS ENGINE v1.33 and previous
XTREME GAMING ENGINE v1.25 and previous
OC GURU II v2.08

Fixed version(s)

Unknown

Proof of concept

Yes

Description

Default installation allows non-privileged user processes (even running at LOW INTEGRITY) to get a HANDLE and issue IOCTL codes to these drivers.

Technical details

Both GPCI and GIO expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.

Credits

Diego Juarez (SecureAuth) and Leandro Cuozzo (SecureAuth)

Reference(s)

GIGABYTE Drivers Elevation of Privilege Vulnerabilities
https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities

[CORE-2018-0007] – GIGABYTE Driver Elevation of Privilege Vulnerabilities
https://seclists.org/fulldisclosure/2018/Dec/39

CVE-2018-19322
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19322

CVE-2018-19322
https://nvd.nist.gov/vuln/detail/CVE-2018-19322

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: February 3, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.