#VU15551 Privilege escalation in ASRock products - CVE-2018-10711
Published: October 26, 2018 / Updated: June 17, 2021
Vulnerability identifier: #VU15551
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2018-10711
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
ASRock RGBLED
ASRock RestartToUEFI
ASRock F-Stream
ASRock A-Tuning
Software vendor:
ASRock
Description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists because the drivers expose functionality to read and write Machine Specific Registers (MSRs). A remote attacker can execute arbitrary ring-0 code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update ASRock RGBLED to version 1.0.36.
Update ASRock A-Tuning to version 3.0.216.
Update ASRock F-Stream to version 3.0.216.
Update ASRock RestartToUEFI to version 1.0.7.