Описание
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.210 (исключая)Версия до 3.0.210 (исключая)Версия до 1.0.6.2 (исключая)Версия до 1.0.35.1 (исключая)
Одно из
cpe:2.3:a:asrock:a-tuning:*:*:*:*:*:*:*:*
cpe:2.3:a:asrock:f-stream:*:*:*:*:*:*:*:*
cpe:2.3:a:asrock:restart_to_uefi:*:*:*:*:*:*:*:*
cpe:2.3:a:asrock:rgbled:*:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00139
Низкий
7.1 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-732
Связанные уязвимости
CVSS3: 7.1
github
больше 3 лет назад
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
EPSS
Процентиль: 34%
0.00139
Низкий
7.1 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-732