Published: 30/10/2018 Updated: 30/01/2019

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
asrock a-tuning
asrock restart to uefi
asrock f-stream
asrock rgbled

SecureAuth - SecureAuth Labs Advisory wwwsecureauthcom/ ASRock Drivers Elevation of Privilege Vulnerabilities 1 *Advisory Information* Title: ASRock Drivers Elevation of Privilege Vulnerabilities Advisory ID: CORE-2018-0005 Advisory URL: wwwsecureauthcom/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities Date ...

ASRock offers several utilities designed to give the user with an ASRock motherboard more control over certain settings and functions These utilities include various features like the RGB LED control, hardware monitor, fan controls, and overclocking/voltage options Multiple vulnerabilities were found in AsrDrv101sys and AsrDrv102sys low level d ...

CWE-20 https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities https://www.exploit-db.com/exploits/45716/https://nvd.nist.gov https://www.exploit-db.com/exploits/45716/

CVE-2018-10711

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect