ASA-2018-00009 – ASRock: Drivers allow non-privileged user arbitrary access to MSRs

The drivers affected expose to a non-privileged user arbitrary access to MSRs (Machine Specific Registers) through ioctl() system call. The ioctl arguments are 0x222848 and 0x22284C. Access to MSRs allow an attacker to directly tinker with the system and take advantage in several ways. This vulnerability allows an attacker to achieve privilege escalation, information leakage, denial of service and not limited to bypassing of mitigations and protections imposed by operating system.