Multiple vulnerabilities in ASRock Drivers



Risk: High
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2018-10710, CVE-2018-10709, CVE-2018-10711, CVE-2018-10712
CWE-ID: CWE-200, CWE-264
Exploitation vector: Network
Public exploit:
Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #4 is available.
Vulnerable software:
ASRock RGBLED (Hardware solutions / Drivers)
ASRock RestartToUEFI (Hardware solutions / Drivers)
ASRock F-Stream (Hardware solutions / Drivers)
ASRock A-Tuning (Hardware solutions / Drivers)
Vendor: ASRock

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU15549

Risk: Low

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-10710

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists because an input/output control (IOCTL) code in the driver exposes functionality to read and write arbitrary physical memory. A remote attacker can gain access to arbitrary data that may be used to gain elevated privileges.

Mitigation

Update ASRock RGBLED to version 1.0.36.
Update ASRock A-Tuning to version 3.0.216.
Update ASRock F-Stream to version 3.0.216.
Update ASRock RestartToUEFI to version 1.0.7.

Vulnerable software versions

ASRock RGBLED: before 1.0.36

ASRock RestartToUEFI: before 1.0.7

ASRock F-Stream: before 3.0.216

ASRock A-Tuning: before 3.0.216

External links

https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) Privilege escalation

EUVDB-ID: #VU15550

Risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2018-10709

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists because the drivers expose functionality to read and write control register (CR) values. A remote attacker can execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update ASRock RGBLED to version 1.0.36.
Update ASRock A-Tuning to version 3.0.216.
Update ASRock F-Stream to version 3.0.216.
Update ASRock RestartToUEFI to version 1.0.7.

Vulnerable software versions

ASRock RGBLED: before 1.0.36

ASRock RestartToUEFI: before 1.0.7

ASRock F-Stream: before 3.0.216

ASRock A-Tuning: before 3.0.216

External links

https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

3) Privilege escalation

EUVDB-ID: #VU15551

Risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2018-10711

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists because the drivers expose functionality to read and write Machine Specific Registers (MSRs). A remote attacker can execute arbitrary ring-0 code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update ASRock RGBLED to version 1.0.36.
Update ASRock A-Tuning to version 3.0.216.
Update ASRock F-Stream to version 3.0.216.
Update ASRock RestartToUEFI to version 1.0.7.

Vulnerable software versions

ASRock RGBLED: before 1.0.36

ASRock RestartToUEFI: before 1.0.7

ASRock F-Stream: before 3.0.216

ASRock A-Tuning: before 3.0.216

External links

https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

4) Privilege escalation

EUVDB-ID: #VU15552

Risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2018-10712

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists because the drivers expose functionality to read data from and write data to I/O ports. A remote attacker can execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update ASRock RGBLED to version 1.0.36.
Update ASRock A-Tuning to version 3.0.216.
Update ASRock F-Stream to version 3.0.216.
Update ASRock RestartToUEFI to version 1.0.7.

Vulnerable software versions

ASRock RGBLED: before 1.0.36

ASRock RestartToUEFI: before 1.0.7

ASRock F-Stream: before 3.0.216

ASRock A-Tuning: before 3.0.216
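
Added example (not part of the original bulletin or any vendor tooling): a check of a software inventory against the fixed versions listed in the Mitigation sections above. The inventory layout (host, product, version) and all function names are assumptions; versions are compared numerically per component because a plain string comparison ranks 1.0.7 above 1.0.36.

```python
# Fixed versions, taken from the Mitigation sections of this bulletin.
FIXED = {
    "ASRock RGBLED": "1.0.36",
    "ASRock A-Tuning": "3.0.216",
    "ASRock F-Stream": "3.0.216",
    "ASRock RestartToUEFI": "1.0.7",
}


def parse_version(text):
    """Turn '1.0.36' into (1, 0, 36); raise ValueError on anything else."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_older(installed, fixed):
    """Numeric, zero-padded comparison, so '3.0' is treated as '3.0.0'."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def audit(inventory):
    """Return (host, product, installed, status) for each affected product."""
    by_name = {name.lower(): (name, ver) for name, ver in FIXED.items()}
    findings = []
    for host, product, installed in inventory:
        match = by_name.get(product.strip().lower())
        if match is None:
            continue  # not one of the four products in the bulletin
        name, fixed = match
        try:
            status = "vulnerable" if is_older(installed, fixed) else "patched"
        except ValueError:
            status = "unknown"  # report it; never assume it is patched
        findings.append((host, name, installed, status))
    return findings


# Constructed sample inventory (hypothetical hosts), not real data.
SAMPLE = [
    ("ws-01", "ASRock RGBLED", "1.0.7"),
    ("ws-02", "asrock a-tuning", "3.0.216"),
    ("ws-03", "ASRock RestartToUEFI", "1.0.7"),
    ("ws-04", "ASRock F-Stream", "3.0.2xx"),
]
```

Calling `audit(SAMPLE)` flags ws-01 as vulnerable and ws-04 as unknown; entries with unparseable versions need manual review.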

External links

https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


