Asus Aura Sync and Gigabyte Xtreme Software contain vulnerabilities

by Hilbert Hagedoorn on: 12/20/2018 06:43 PM | source: tweakers.net | 1 comment(s)
A security company called SecureAuth reports that two drivers from Asus and two from Gigabyte contain vulnerabilities. The drivers come bundled with tools that the companies provide for motherboards and video cards.

In total, there are seven vulnerabilities affecting five software products, and researchers wrote exploit code for each of them. Many of them might still be unaddressed. Two of the vulnerable drivers are installed by the Aura Sync software (v1.07.22 and earlier) from ASUS, and the flaws they carry can be exploited for local code execution, reports Dutch-based tweakers.net via Bleeping Computer:

The vulnerabilities lead to privilege escalation via software like the GIGABYTE App Center (v1.05.21 and below), AORUS Graphics Engine (v1.33 and below), the XTREME Engine utility (v1.25 and earlier), and OC Guru II (v2.08). The vulnerabilities are tagged under CVE-2018-18535, CVE-2018-18536 and CVE-2018-1853. The first and last allow the execution of code with elevated rights; the second can lead to the reading and writing of data via the I/O ports. ASUS was informed in November last year. In April, Asus released a new version of Aura Sync, but it only fixed two of the three problems, according to SecureAuth.

Vulnerable Packages

  • ASUS Aura Sync v1.07.22 and previous versions

The vulnerabilities in Gigabyte's gpcidrv and gdrv drivers are CVE-2018-19320, CVE-2018-19321, CVE-2018-19322 and CVE-2018-19323. These drivers are supplied with the company's Gigabyte App Center, Aorus Graphics Engine, Xtreme Gaming Engine and OC Guru II. The vulnerabilities make it possible, among other things, to take over a system. There is a proof-of-concept that performs read and write actions on virtual memory and causes a system crash. On April 24th Gigabyte was notified, but the company had released a new version of the software on July 16th that was no longer affected.

Vulnerable Packages

  • GIGABYTE APP Center v1.05.21 and previous
  • AORUS GRAPHICS ENGINE v1.33 and previous
  • XTREME GAMING ENGINE v1.25 and previous
  • OC GURU II v2.08
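
To check a fleet against the two "Vulnerable Packages" lists above, the sketch below (an added example, not code from the article or from SecureAuth) compares installed versions field by field, since a plain string comparison mis-orders versions such as 1.7.9 and 1.07.22. The inventory rows are constructed, and it is an assumption that your inventory reports product names exactly as the lists spell them.

```python
import re

# Product name, highest listed vulnerable version, and whether the article
# says "and previous" (True) or names that one version only (False).
VULNERABLE = [
    ("ASUS Aura Sync", "1.07.22", True),
    ("GIGABYTE APP Center", "1.05.21", True),
    ("AORUS GRAPHICS ENGINE", "1.33", True),
    ("XTREME GAMING ENGINE", "1.25", True),
    ("OC GURU II", "2.08", False),
]

def parse_version(text):
    """Turn 'v1.07.22' into (1, 7, 22) so each field compares as a number."""
    fields = re.findall(r"\d+", text)
    if not fields:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(f) for f in fields)

def pad(a, b):
    """Zero-extend the shorter tuple so 1.33 and 1.33.0 compare equal."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))

def is_affected(name, version):
    for product, limit, and_previous in VULNERABLE:
        if product.lower() == name.strip().lower():
            have, worst = pad(parse_version(version), parse_version(limit))
            return have <= worst if and_previous else have == worst
    return False  # product is not on the article's lists

def audit(inventory):
    """Return the (host, product, version) rows that need an update."""
    return [row for row in inventory if is_affected(row[1], row[2])]

# Constructed inventory rows (host names and versions are made up).
INVENTORY = [
    ("ws-01", "ASUS Aura Sync", "1.07.22"),
    ("ws-02", "ASUS Aura Sync", "1.7.9"),         # a string compare would miss this
    ("ws-03", "GIGABYTE APP Center", "9.9.9"),    # placeholder for a newer build
    ("ws-04", "AORUS GRAPHICS ENGINE", "1.33.0"),
    ("ws-05", "OC GURU II", "2.07"),              # article lists v2.08 only
    ("ws-06", "XTREME GAMING ENGINE", "v1.10"),
]

if __name__ == "__main__":
    for host, product, version in audit(INVENTORY):
        print(f"{host}: {product} {version} is on the vulnerable list")
```
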

WareTernal
Senior Member



Posts: 259
Joined: 2013-09-27

#5619406 Posted on: 12/20/2018 09:51 PM
"In mei 2018 zou Gigabyte op de hoogte gebracht zijn, maar het bedrijf zou gemeld hebben dat zijn producten niet getroffen zijn door de kwetsbaarheden." - tweakers.net
"In May 2018, Gigabyte would have been notified, but the company would have reported that its products were not affected by the vulnerabilities." - Google translate

Google translate seems to have completely changed the meaning to imply that Gigabyte was not contacted.
"would have been, but" = "wasn't" + (excuse)
A more accurate translation can be derived from the bleepingcomputer story.
-SecureAuth contacted GIGABYTE on April 24, 2018-
-Gigabyte responded on April 30, 2018
-in May 2018 Gigabyte asked for details and guidance to confirm the vulnerabilities
-Ultimately Gigabyte claimed their software was not affected

IMO it should read like this:
"On April 24th Gigabyte was notified, but the company had released a new version of the software on July 16th that was no longer affected."
