ASA-2018-00007 – ASRock: Drivers allow non-privileged user arbitrary access to control registers

The drivers affected expose to a non-privileged user access to control registers of the CPU through ioctl() system call. The ioctl arguments are 0x22286C and 0x222870. The control registers are registers in CPU that control its general behaviour and exposing access to them allows an attacker to totally control the CPU. This can be abused in several ways by attackers to achieve privilege escalation, information leakage, denial of service and not limited to bypassing of mitigations and protections imposed by operating system.