PT-2018-10059 · Asrock · Restarttouefi+3

Diego Juarez

Published

2018-10-30

Updated

2019-10-03

CVE-2018-10710

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ASRock RGBLED versions prior to 1.0.35.1 A-Tuning versions prior to 3.0.210 F-Stream versions prior to 3.0.210 RestartToUEFI versions prior to 1.0.6.2

Description The issue allows a local attacker to elevate privileges by leveraging the exposed functionality of the AsrDrv101.sys and AsrDrv102.sys low-level drivers to read and write arbitrary physical memory.

Recommendations For ASRock RGBLED versions prior to 1.0.35.1, update to version 1.0.35.1 or later. For A-Tuning versions prior to 3.0.210, update to version 3.0.210 or later. For F-Stream versions prior to 3.0.210, update to version 3.0.210 or later. For RestartToUEFI versions prior to 1.0.6.2, update to version 1.0.6.2 or later.

Exploit

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2018-10710

Affected Products

A-Tuning

Asrock Rgbled

F-Stream

Restarttouefi

PT-2018-10059 · Asrock · Restarttouefi+3

CVE-2018-10710

Weakness Enumeration

Related Identifiers

Affected Products

References · 4