Drivers for Asus Aura Sync and Gigabyte Xtreme Engine contain vulnerabilities
Security company SecureAuth claims that two drivers from Asus and two from Gigabyte contain vulnerabilities. The drivers come bundled with tools that the companies provide for motherboards and video cards.
As for Asus, these are the glckio and Asusgio drivers that the company installs when a user adds Aura Sync to their system. This is Asus’ program to manage RGB lighting. The vulnerabilities are CVE-2018-18535, CVE-2018-18536, and CVE-2018-1853. The first and last allow executing code with elevated privileges, the second can lead to reading and writing data via the I/O ports.
SecureAuth has written proof-of-concepts that show that the vulnerabilities can be exploited, although the effects in those examples have been weakened to, for example, crashes and reboots. The security company already informed Asus about the vulnerabilities in November last year. In April, Asus released a new version of Aura Sync, but it only fixed two of the three issues, according to SecureAuth.
The vulnerabilities in Gigabyte’s gpcidrv and gdrv drivers are CVE-2018-19320, CVE-2018-19321, CVE-2018-19322, and CVE-2018-19323. The company ships this driver with the Gigabyte App Center, Aorus Graphic Engine, Xtreme Gaming Engine and OC Guru II. The vulnerabilities make it possible, among other things, to take over a system. There is a proof-of-concept that, for example, performs reads and writes on virtual memory, causing a system crash, Bleeping Computer writes. Gigabyte was said to have been notified in May 2018, but the company reportedly reported that its products were not affected by the vulnerabilities.