ASA-2018-00010 – ASRock: Drivers allow non-privileged user arbitrary access to I/O ports

The drivers affected expose to a non-privileged user arbitrary access to I/O ports through ioctl() system call. The ioctl arguments are 0x222810 and 0x222814. Access to I/O ports allow an attacker to directly tinker with the system and take advantage in several ways. This vulnerability allows an attacker to achieve privilege escalation, information leakage, denial of service and not limited to bypassing of mitigations and protections imposed by operating system.

ASA-2018-00009 – ASRock: Drivers allow non-privileged user arbitrary access to MSRs

The drivers affected expose to a non-privileged user arbitrary access to MSRs (Machine Specific Registers) through ioctl() system call. The ioctl arguments are 0x222848 and 0x22284C. Access to MSRs allow an attacker to directly tinker with the system and take advantage in several ways. This vulnerability allows an attacker to achieve privilege escalation, information leakage, denial of service and not limited to bypassing of mitigations and protections imposed by operating system.

ASA-2018-00008 – ASRock: Drivers allow non-privileged user arbitrary physical memory read/write

The drivers affected expose to a non-privileged user arbitrary access to physical memory through ioctl() system call. The ioctl argument for writing to physical memory is 0x22280C. Access to physical memory allows an attacker to directly tinker with the system and take advantage in several ways. This vulnerability allows an attacker to achieve privilege escalation, information leakage, denial of service and not limited to bypassing of mitigations and protections imposed by operating system.

ASA-2018-00007 – ASRock: Drivers allow non-privileged user arbitrary access to control registers

The drivers affected expose to a non-privileged user access to control registers of the CPU through ioctl() system call. The ioctl arguments are 0x22286C and 0x222870. The control registers are registers in CPU that control its general behaviour and exposing access to them allows an attacker to totally control the CPU. This can be abused in several ways by attackers to achieve privilege escalation, information leakage, denial of service and not limited to bypassing of mitigations and protections imposed by operating system.