ASA-2018-00101 – Gigabyte: Drivers allow non-privileged user arbitrary read/write access to physical memory


Allele Security Alert

ASA-2018-00101

Identifier(s)

ASA-2018-00101, CORE-2018-0007, CVE-2018-19321

Title

Drivers allow non-privileged user arbitrary read/write access to physical memory

Vendor(s)

Gigabyte

Product(s)

GIGABYTE APP Center
AORUS GRAPHICS ENGINE
XTREME GAMING ENGINE
OC GURU II

Affected version(s)

GIGABYTE APP Center v1.05.21 and previous
AORUS GRAPHICS ENGINE v1.33 and previous
XTREME GAMING ENGINE v1.25 and previous
OC GURU II v2.08

Fixed version(s)

Unknown

Proof of concept

Yes

Description

The default installation allows non-privileged user processes (even those running at LOW INTEGRITY) to get a HANDLE and issue IOCTL codes to these drivers.

Technical details

Both the GPCI and GIO drivers expose functionality to read and write arbitrary physical memory, allowing a local attacker to take complete control of the affected system.

Credits

Diego Juarez (SecureAuth) and Leandro Cuozzo (SecureAuth)

Reference(s)

GIGABYTE Drivers Elevation of Privilege Vulnerabilities
https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities

[CORE-2018-0007] – GIGABYTE Driver Elevation of Privilege Vulnerabilities
https://seclists.org/fulldisclosure/2018/Dec/39

Weaponizing vulnerable driver for privilege escalation— Gigabyte Edition!
https://medium.com/@fsx30/weaponizing-vulnerable-driver-for-privilege-escalation-gigabyte-edition-e73ee523598b

CVE-2018-19321
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19321

CVE-2018-19321
https://nvd.nist.gov/vuln/detail/CVE-2018-19321


Last modified: June 29, 2019
