PT-2018-10059 · Asrock · Restarttouefi+3
Diego Juarez
·
Publicado
2018-10-30
·
Atualizado
2019-10-03
·
CVE-2018-10710
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
ASRock RGBLED versions prior to 1.0.35.1
A-Tuning versions prior to 3.0.210
F-Stream versions prior to 3.0.210
RestartToUEFI versions prior to 1.0.6.2
Description
The issue allows a local attacker to elevate privileges by leveraging the exposed functionality of the AsrDrv101.sys and AsrDrv102.sys low-level drivers to read and write arbitrary physical memory.
Recommendations
For ASRock RGBLED versions prior to 1.0.35.1, update to version 1.0.35.1 or later.
For A-Tuning versions prior to 3.0.210, update to version 3.0.210 or later.
For F-Stream versions prior to 3.0.210, update to version 3.0.210 or later.
For RestartToUEFI versions prior to 1.0.6.2, update to version 1.0.6.2 or later.
Exploit
Correção
Incorrect Permission
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
A-Tuning
Asrock Rgbled
F-Stream
Restarttouefi