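GIGABYTE GDrv Driver Privilege Escalation Vulnerability
Vulnerability information
Vulnerability name: GIGABYTE GDrv Driver Privilege Escalation Vulnerability
Vulnerability ID:
- CVE: CVE-2018-19323
Vulnerability type: Privilege escalation
Severity: Critical
Vulnerability description:
Affected products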
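GIGABYTE APP Center, AORUS GRAPHICS ENGINE, XTREME GAMING ENGINE and OC GURU II are software suites from GIGABYTE Technology, used mainly for hardware monitoring, overclocking and system tuning. They are widely installed on PCs and gaming systems built on GIGABYTE motherboards, and are especially popular among gamers and hardware enthusiasts.
Vulnerability details
This is a privilege escalation vulnerability. Because the GIGABYTE GDrv driver exposes functionality to read and write Machine Specific Registers (MSRs), a local attacker can use it to manipulate hardware behavior. The root cause is that the driver does not properly enforce access control, which lets a low-privileged user perform high-privileged operations.
Impact analysis
The vulnerability allows a local attacker without administrator rights to escalate privileges by manipulating MSRs, which can lead to full control of the system. Because the attack requires local access, the risk is concentrated in multi-user environments and in cases where the attacker has already gained initial access. Exploitation can cause system instability, data disclosure or other malicious behavior, and it can run automatically with no user interaction, which is why the issue is rated Critical.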
Vendor: GIGABYTE
Product name: GIGABYTE APP Center, AORUS GRAPHICS ENGINE, XTREME GAMING ENGINE, OC GURU II
Affected versions: GIGABYTE APP Center <= 1.05.21, AORUS GRAPHICS ENGINE < 1.57, XTREME GAMING ENGINE < 1.26, OC GURU II <= 2.08
Source: https://github.com/projectdiscovery/nuclei-templates/issues/12680
Type: projectdiscovery/nuclei-templates:github issues
Source summary
Description:
GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 contain a vulnerability caused by exposing functionality to read and write Machine Specific Registers (MSRs), letting local attackers potentially manipulate hardware behavior; exploit requires local access.
Severity: Critical
POC:
- http://seclists.org/fulldisclosure/2018/Dec/39
- https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
KEV: True
Shodan Query: NA
Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data (-debug) along with the template to help the triage team with validation or can also share a vulnerable environment like docker file.
Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. Avoid adding code templates for CVEs that can be achieved using HTTP, TCP, or JavaScript. Such templates are blocked by default and won’t produce results, so we prioritize creating templates with other protocols unless exceptions are made.
You can check the FAQ for the Nuclei Templates Community Rewards Program here.