ASUS, GIGABYTE Drivers Contain Code Execution Vulnerabilities - PoCs Galore

LASER_oneXM

Four drivers from ASUS and GIGABYTE come with several vulnerabilities that can be leveraged by an attacker to gain higher permissions on the system and to execute arbitrary code.
In total, there are seven vulnerabilities affecting five software products, and researchers wrote exploit code for each of them. Many of them might still be unaddressed.

Two of the vulnerable drivers are installed by the Aura Sync software (v1.07.22 and earlier) from ASUS and the flaws they carry can be exploited for local code execution.
The drivers from GIGABYTE are distributed with motherboards and graphics cards of the same brand as well as from the company's subsidiary, AORUS.

The vulnerabilities lead to privilege escalation via software like the GIGABYTE App Center (v1.05.21 and below), AORUS Graphics Engine (v1.33 and below), the XTREME Engine utility (v1.25 and earlier), and OC Guru II (v2.08).

GIGABYTE drivers allow interaction with non-privileged processes

Juarez also analyzed GPCIDrv and GDrv drivers from GIGABYTE and found that they can receive system calls from non-privileged user processes, even those running at a low integrity level, considered by Windows to run code that is not trusted.
The first vulnerability he uncovered, now tracked as CVE-2018-19320, offers an attacker the possibility to take full control of the system.
To highlight this, Juarez created a PoC for GDrv where non-privileged read/write access is granted to arbitrary virtual memory. Since it is for demo purposes, all his code does is trigger a system crash.
... ...
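A defender-side check of a software inventory against the affected versions listed in the article, as an added example that is not part of the original post or the researcher's code. The inventory entries are constructed, and comparing version strings component by component as integers is an assumption about how the vendors number releases.

```python
import re

# Product -> (version bound, comparison), as stated in the article text above.
# "<=" means "this version and earlier"; "==" means only this version is listed.
AFFECTED = {
    "aura sync": ("1.07.22", "<="),
    "gigabyte app center": ("1.05.21", "<="),
    "aorus graphics engine": ("1.33", "<="),
    "xtreme engine": ("1.25", "<="),
    "oc guru ii": ("2.08", "=="),
}

def parse_version(text):
    """Turn 'v1.07.22' into (1, 7, 22). Assumes dotted numeric versions."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, installed):
    """True if the installed version falls in the range the article lists."""
    entry = AFFECTED.get(product.strip().lower())
    if entry is None:
        return False  # product not named in the article
    bound, op = entry
    have, limit = parse_version(installed), parse_version(bound)
    # Pad the shorter tuple with zeros so 1.5 compares as 1.5.0.
    width = max(len(have), len(limit))
    have += (0,) * (width - len(have))
    limit += (0,) * (width - len(limit))
    return have == limit if op == "==" else have <= limit

def audit(inventory):
    """Return the (product, version) pairs that need attention."""
    return [(p, v) for p, v in inventory if is_affected(p, v)]

# Constructed inventory, e.g. exported from an asset-management tool.
SAMPLE_INVENTORY = [
    ("Aura Sync", "v1.07.22"),
    ("GIGABYTE App Center", "1.05.30"),
    ("OC Guru II", "2.08"),
    ("XTREME Engine", "1.20"),
    ("Some Other Tool", "0.9"),
]

if __name__ == "__main__":
    for product, version in audit(SAMPLE_INVENTORY):
        print(f"review: {product} {version} is in the affected range")
```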
 
