A team of security researchers detected that several ASRock drivers feature multiple dangerous vulnerabilities. Following the announcement the vendor issued patches fixing the bugs. All ASRock clients are advised to update their drivers and associated software to the latest available versions.
ASRock Drivers Contain Vulnerabilities, Update Your Computer!
ASRock drvers have been found to contain multiple vulnerabilities according to a recent security notification. As the vendor is the third largest company selling motherboards to desktop users this presents a very serious issue. The issue was found in several low-level drivers that are used by the utilities installed by the system software. A list of all vulnerable packages is the following: ASRock RGBLED, A-Tuning, F-Stream and RestartToUEFI. At this time no incidents leveraging this bug have been reported.
These drivers are used to alter and query the status of the various modules on the installed motherboards. This characteristic allows them to dynamically change parameters such as cooler speed, LED colors, clock frequencies and etc. Such operations are done to overclock the computers — making changes to the standard parameters in order to increase performance.
The following vulnerabilities have been detected:
- CVE-2018-10709 — The proof-of-concept code shows that the ASRock RGB LED controls can allow non-privileged access to read and write the CR register values. As a result code with administrative privileges can be executed.
- CVE-2018-10710 — A special code that interacts with the drivers can be leveraged by a local attacker to elevate their privileges. The security team found out that this action exposes a function allowing it to read and write physical memory.
- CVE-2018-10711 — The drivers were found to expose a functionality allowing the attackers to read and write Macahine Specific Registers (MSRs).
- CVE-2018-10712 — The drivers contains a function that can read and write data from and to the I/O ports. This can be abused to run code with elevated privileges interacting on a very low level.
Following the private disclosure the company reacted quickly and issued the required drivers in due time. Updates were released for the affected models. This is the reason why the vendor always recommends that users regularly check and apply the latest drivers and software.