Privilege escalation in ASRock products - CVE-2018-10711
Published: October 26, 2018 / Updated: June 17, 2021
Vulnerability identifier: #VU15551
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2018-10711
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: ASRock
Affected software:
ASRock RGBLED
ASRock RestartToUEFI
ASRock F-Stream
ASRock A-Tuning
Detailed vulnerability description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists because the drivers expose functionality to read and write Machine Specific Registers (MSRs). A remote attacker can execute arbitrary ring-0 code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2018-10711
Update ASRock RGBLED to version 1.0.36.
Update ASRock A-Tuning to version 3.0.216.
Update ASRock F-Stream to version 3.0.216.
Update ASRock RestartToUEFI to version 1.0.7.