Four drivers from ASUS and GIGABYTE come with several vulnerabilities that can be leveraged by an attacker to gain higher permissions on the system and to execute arbitrary code.
In total, there are seven vulnerabilities affecting five software products, and researchers wrote exploit code for each of them. Many of them might still be unaddressed.
Two of the vulnerable drivers are installed by the Aura Sync software (v1.07.22 and earlier) from ASUS and the flaws they carry can be exploited for local code execution.
The drivers from GIGABYTE are distributed with motherboards and graphics cards of the same brand as well as from the company's subsidiary, AORUS.
The vulnerabilities lead to privilege escalation via software like the GIGABYTE App Center (v1.05.21 and below), AORUS Graphics Engine (v1.33 and below), the XTREME Engine utility (v1.25 and earlier), and OC Guru II (v2.08).