ASUS, GIGABYTE Drivers Contain Code Execution Vulnerabilities - PoCs Galore

LASER_oneXM

Feb 4, 2016
Four drivers from ASUS and GIGABYTE come with several vulnerabilities that can be leveraged by an attacker to gain higher permissions on the system and to execute arbitrary code.
In total, there are seven vulnerabilities affecting five software products, and researchers wrote exploit code for each of them. Many of them might still be unaddressed.

Two of the vulnerable drivers are installed by the Aura Sync software (v1.07.22 and earlier) from ASUS and the flaws they carry can be exploited for local code execution.
The drivers from GIGABYTE are distributed with motherboards and graphics cards of the same brand as well as from the company's subsidiary, AORUS.

The vulnerabilities lead to privilege escalation via software like the GIGABYTE App Center (v1.05.21 and below), AORUS Graphics Engine (v1.33 and below), the XTREME Engine utility (v1.25 and earlier), and OC Guru II (v2.08).

GIGABYTE drivers allow interaction with non-privileged processes

Juarez also analyzed GPCIDrv and GDrv drivers from GIGABYTE and found that they can receive system calls from non-privileged user processes, even those running at a low integrity level, considered by Windows to run code that is not trusted.
The first vulnerability he uncovered, now tracked as CVE-2018-19320, offers an attacker the possibility to take full control of the system.
To highlight this, Juarez created a PoC for GDrv where non-privileged read/write access is granted to arbitrary virtual memory. Since it is for demo purposes, all his code does is trigger a system crash.
... ...
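
A defender-side check built from the versions and driver names listed in the post, added here as an example and not code from the post, the researcher or the vendors: it flags software inventory entries that fall in the listed version ranges and loaded drivers named GDrv or GPCIDrv. The inventory format, the sample data and the function names are assumptions.

```python
import re

# Version bounds exactly as listed in the post. exact_only=True marks OC Guru II,
# for which the post names a single version rather than "and earlier".
AFFECTED = [
    ("Aura Sync", "1.07.22", False),
    ("GIGABYTE App Center", "1.05.21", False),
    ("AORUS Graphics Engine", "1.33", False),
    ("XTREME Engine", "1.25", False),
    ("OC Guru II", "2.08", True),
]
DRIVER_NAMES = {"gdrv", "gpcidrv"}  # driver names from the post, lower-cased

def parse_version(text):
    """'v1.07.22' -> (1, 7, 22); None if no dotted number is present."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text, re.IGNORECASE)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # so 1.33.0 compares equal to 1.33
        parts.pop()
    return tuple(parts)

def check_software(inventory):
    """inventory: (display_name, version) pairs. Returns (name, version, reason)."""
    findings = []
    for name, version in inventory:
        for product, bound, exact_only in AFFECTED:
            if product.lower() not in name.lower():
                continue
            have, limit = parse_version(version), parse_version(bound)
            if have is None:
                findings.append((name, version, "version unreadable, check manually"))
            elif have == limit or (not exact_only and have < limit):
                findings.append((name, version, f"in listed range ({product} v{bound})"))
            # Above the bound: not reported, but the post does not confirm a fix either.
    return findings

def check_drivers(loaded):
    """loaded: driver module or file names, e.g. 'gdrv' or 'GDrv.sys'."""
    return sorted(d for d in loaded if d.lower().rsplit(".", 1)[0] in DRIVER_NAMES)

# Constructed sample data, not taken from a real host.
SAMPLE_SOFTWARE = [("ASUS Aura Sync", "1.07.22"), ("GIGABYTE App Center", "1.5.3"),
                   ("AORUS Graphics Engine", "1.34"), ("OC Guru II", "2.08"),
                   ("XTREME Engine", "n/a")]
SAMPLE_DRIVERS = ["ntfs.sys", "GDrv.sys", "gpcidrv", "tcpip.sys"]
if __name__ == "__main__":
    print(check_software(SAMPLE_SOFTWARE), check_drivers(SAMPLE_DRIVERS))
```

Version components are compared numerically, so an installer that reports 1.5.3 is treated as older than 1.05.21.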