CVE-2020-15368: ASRock RGB Driver Privilege Escalation Vulnerability

Description

A vulnerability in the ASRock RGB Driver (AsrDrv103.sys) allows unprivileged users to execute arbitrary code with kernel privileges. The driver fails to properly restrict access from user space, enabling attackers to manipulate critical system registers including CR3 (Control Register 3), which can lead to system crashes or complete system compromise.

Overview

The ASRock RGB Driver (AsrDrv103.sys) contains a critical security vulnerability that allows unprivileged users to access kernel-level functions. The driver exposes dangerous functionality to user mode applications without proper access controls or validation. Specifically, the driver permits user applications to directly manipulate Control Register 3 (CR3), which stores the base address of the page directory and is critical for memory management. By setting CR3 to zero, an attacker can trigger a triple fault (an unrecoverable error) that crashes the system. More sophisticated exploitation could potentially lead to arbitrary code execution with kernel privileges, allowing complete system compromise. This vulnerability affects systems with the ASRock RGB Driver installed, which is commonly bundled with ASRock motherboards for RGB lighting control.

Remediation

  1. Update the ASRock RGB Driver to the latest version if a patched version is available.
  2. If no patch is available, consider uninstalling the ASRock RGB Driver software.
  3. Use alternative RGB control software that doesn't contain this vulnerability.
  4. Implement application control or whitelisting to prevent unauthorized applications from interacting with the vulnerable driver.
  5. Monitor system logs for unusual activity that might indicate exploitation attempts.
  6. Consider implementing least privilege principles for all user accounts to minimize potential impact.
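The remediation steps above assume you know which hosts still carry the driver. The following PowerShell inventory check is an added example, not part of the advisory or of ASRock's software: it reports whether a kernel driver service referencing AsrDrv103.sys (the image name given on this page) is registered or running, and, where the file is found on disk, records its version, SHA-256 hash and Authenticode signer so the result can be compared against the vendor's fixed release or fed into an application-control policy (step 4). The on-disk search locations are assumptions; the advisory does not state where the installer places the file.

```powershell
# Added defender-side check for CVE-2020-15368 (example code, not from the advisory).
# Only the driver file name comes from the advisory; service names and paths are assumed.
$DriverFile = 'AsrDrv103.sys'

# 1. Is a kernel driver service whose image path references AsrDrv103.sys registered?
#    Win32_SystemDriver covers both running and stopped (but still installed) drivers.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and ($_.PathName -like "*$DriverFile*") }

if (-not $drivers) {
    Write-Output "No registered kernel driver references $DriverFile."
}
else {
    foreach ($d in $drivers) {
        # A 'Running' state means user-mode code can open the device right now;
        # a 'Stopped' service with start mode Auto/Boot/System will load on next boot.
        Write-Output ("Driver service '{0}': state={1} startmode={2} path={3}" -f
            $d.Name, $d.State, $d.StartMode, $d.PathName)
    }
}

# 2. Look for the file on disk. The driver store path and vendor directories
#    below are assumed candidate locations, not taken from the advisory.
$candidates = @(
    (Join-Path $env:SystemRoot "System32\drivers\$DriverFile"),
    (Join-Path $env:SystemRoot "System32\$DriverFile")
)
foreach ($root in @($env:ProgramFiles, ${env:ProgramFiles(x86)})) {
    if ($root -and (Test-Path -LiteralPath $root)) {
        $candidates += Get-ChildItem -Path $root -Filter $DriverFile -Recurse -File `
            -ErrorAction SilentlyContinue | Select-Object -ExpandProperty FullName
    }
}

$found = $false
foreach ($path in ($candidates | Select-Object -Unique)) {
    if (Test-Path -LiteralPath $path) {
        $found = $true
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $ver  = (Get-Item -LiteralPath $path).VersionInfo.FileVersion
        # Version is what you compare against the vendor's fixed build; the hash is
        # what an application-control (WDAC/AppLocker) deny rule can key on.
        Write-Output ("Found {0}`n  version={1}`n  sha256={2}`n  signature={3} signer={4}" -f
            $path, $ver, $hash, $sig.Status, $sig.SignerCertificate.Subject)
    }
}
if (-not $found) {
    Write-Output "No copy of $DriverFile found in the searched locations."
}
```

Run it in an elevated session so the driver store is readable; an unprivileged run still reports the service state, which is the part that matters for exposure. Because this page does not name a fixed driver version, treat any hit as "present, verify against the vendor advisory" rather than as a confirmed vulnerable build.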

References

  1. Original vulnerability disclosure: https://codetector.org/post/asrock_rgb_driver/
  2. Proof of concept and technical details: https://github.com/stong/CVE-2020-15368
  3. CVE-2020-15368 in the National Vulnerability Database
  4. The vulnerability affects Control Register 3 (CR3), which is critical for memory management in x86 processors.
  5. This issue is an example of improper access control in kernel-mode drivers, allowing user-mode applications to perform privileged operations.

Industry Exposure (most to least affected)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Accommodation & Food Services: Low
  2. Administrative, Support, Waste Management & Remediation Services: Low
  3. Agriculture, Forestry, Fishing & Hunting: Low
  4. Arts, Entertainment & Recreation: Low
  5. Construction: Low
  6. Educational Services: Low
  7. Finance and Insurance: Low
  8. Health Care & Social Assistance: Low
  9. Information: Low
  10. Management of Companies & Enterprises: Low
  11. Manufacturing: Low
  12. Mining: Low
  13. Other Services (except Public Administration): Low
  14. Professional, Scientific, & Technical Services: Low
  15. Public Administration: Low
  16. Real Estate Rental & Leasing: Low
  17. Retail Trade: Low
  18. Transportation & Warehousing: Low
  19. Utilities: Low
  20. Wholesale Trade: Low
