CVE-2018-10711

Published: Oct 30, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.

Affected (4)

Products: Asrock: A Tuning, F Stream, Restart To Uefi, Rgbled

4 products

Restart To Uefi

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Asrock A Tuning	Before 3.0.210
Asrock F Stream	Before 3.0.210
Asrock Restart To Uefi	Before 1.0.6.2
Asrock Rgbled	Before 1.0.35.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://www.exploit-db.com/exploits/45716/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.exploit-db.com/exploits/45716/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.