Описание
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.210 (исключая)Версия до 3.0.210 (исключая)Версия до 1.0.6.2 (исключая)Версия до 1.0.35.1 (исключая)
Одно из
cpe:2.3:a:asrock:a-tuning:*:*:*:*:*:*:*:*
cpe:2.3:a:asrock:f-stream:*:*:*:*:*:*:*:*
cpe:2.3:a:asrock:restart_to_uefi:*:*:*:*:*:*:*:*
cpe:2.3:a:asrock:rgbled:*:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00224
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-732
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
EPSS
Процентиль: 45%
0.00224
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-732