ASA-2018-00010 – ASRock: Drivers allow non-privileged user arbitrary access to I/O ports

The drivers affected expose to a non-privileged user arbitrary access to I/O ports through ioctl() system call. The ioctl arguments are 0x222810 and 0x222814. Access to I/O ports allow an attacker to directly tinker with the system and take advantage in several ways. This vulnerability allows an attacker to achieve privilege escalation, information leakage, denial of service and not limited to bypassing of mitigations and protections imposed by operating system.