Design/Logic Flaw

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate...

Code injection

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways to ultimately run...

CVE-2018-10712

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run co...

CVE-2018-10711

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers MSRs. This could be leveraged to execute arbitrary ring-...

CVE-2018-10712

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run co...

Code injection

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers MSRs. This could be leveraged to execute arbitrary ring-...

CVE-2018-10709

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways to ultimately run...

CVE-2018-10709

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways to ultimately run...

Code injection

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run co...

CVE-2018-10710

The CVE-2018-10710 entry concerns ASRock drivers: AsrDrv101.sys and AsrDrv102.sys in ASRock RGBLED, A-Tuning, F-Stream, and RestartToUEFI expose IOCTLs that read/write arbitrary physical memory. This enables local privilege escalation by a user with low privileges. Affected versions are ASRock RG...

CVE-2018-10710

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate...

CVE-2018-10712

CVE-2018-10712 affects ASRock RGBLED and related ASRock utilities (ASrDrv101.sys/AsrDrv102.sys) that expose IO port read/write access via low-level drivers. Details from multiple sources show vulnerable components include ASRock RGBLED < v1.0.35.1, A-Tuning < v3.0.210, F-Stream < v3.0.21...

CVE-2018-10711

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers MSRs. This could be leveraged to execute arbitrary ring-...

CVE-2018-10709

The CVE-2018-10709 entry concerns ASRock drivers: AsrDrv101.sys/AsrDrv102.sys in ASRock RGBLED, A-Tuning, F-Stream, RestartToUEFI. The described vulnerability arises from IOCTL interfaces that expose read/write access to CR register values, enabling local privilege escalation and potential code e...

CVE-2018-10711

The CVE-2018-10711 entry concerns ASRock driver components AsrDrv101.sys and AsrDrv102.sys used by ASRock RGBLED, A-Tuning, F-Stream, and RestartToUEFI. The driver versions listed expose functionality to read/write Machine Specific Registers (MSRs), enabling execution of arbitrary ring-0 code on ...

ASRock Drivers Privilege Escalation / Code Execution

SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ ASRock Drivers Elevation of Privilege Vulnerabilities 1. Advisory Information Title: ASRock Drivers Elevation of Privilege Vulnerabilities Advisory ID: CORE-2018-0005 Advisory URL:...