Asus, Gigabyte Motherboard and Graphics Card Drivers Found to Have Security Vulnerabilities

Advertisement
By Jamshed Avari | Updated: 21 December 2018 13:36 IST
Highlights
  • A security research firm has found flaws in Asus and Gigabyte's drivers
  • Utilities to control RGB LEDs, overclocking and performance are affected
  • Neither company took adequate steps to fix the problems despite warnings
Asus, Gigabyte Motherboard and Graphics Card Drivers Found to Have Security Vulnerabilities

Security research firm SecureAuth has discovered multiple serious vulnerabilities in drivers distributed with various Asus and Gigabyte hardware components, which could give remote attackers the ability to execute code on a victim's PC. The drivers are used by software utilities to let users control various features that these manufacturers implement, including RGB LED lighting effects, overclocking, fan speed controls, and performance monitoring. SecureAuth researcher Diego Juarez is credited with discovering these problems. The company says it contacted both Asus and Gigabyte starting in November 2017 and April 2018 respectively, but the companies have not done enough to mitigate the problems in their software and drivers.

In the case of Asus, the flaws were discovered in the GLCKIo and Asusgio drivers which are part of the company's Aura Sync software. This package is distributed with multiple Asus hardware components and lets users synchronise RGB LED colours and animation patterns. This has become a major feature of both PC components and peripherals over the past two years. SecureAuth has published proofs of concept for three separate problems that can be used to execute arbitrary code with elevated privileges.

Asus has reportedly fixed one of the bugs but the other two are still exploitable, but has claimed that all three have been addressed. A timeline published by SecureAuth shows that it logged a number of attempts to contact Asus, with little success.

Gigabyte's vulnerabilities relate to the GPCIDrv and GDrv drivers that are installed by its desktop monitoring and overclocking software for motherboards and graphics cards. The affected programs are called Gigabyte App Center, Aorus Graphics Engine, Xtreme Gaming Engine, and OC Guru II. The low-level kernel drivers they install communicate with the hardware in question to monitor its status and implement configuration changes. In this case, SecureAuth found four problems including one that allows untrusted code to read or write to areas of system memory that are meant to be restricted to security-privileged processes.

Advertisement

The company's communications log in this case shows that Gigabyte simply denied that its products are affected by these flaws. The proofs of concept supplied by SecureAuth were able to cause system crashes and reboots because they were not designed to be malicious, only illustrate how the flaws work.

The research firm has now published its knowledge of these flaws because enough time has passed since the companies stopped responding and it deemed a public advisory necessary. SecureAuth points out that it has not tested every version of all the software these companies release, or similar software from other vendors, which could also just as easily be insecure.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Asus, Gigabyte, SecureAuth, security
Advertisement

Related Stories

Popular Mobile Brands
  1. Samsung Galaxy S25 Ultra Price in India Discounted for a Limited Time
  2. Trump Mobile T1 Phone With 5,000mAh Battery Announced; See Price, Features
  3. Oppo Reno 14 5G Series, Watch X2 Mini, Enco Buds 3, Pad SE to Launch Globally
  4. OnePlus Nord 5 and Nord CE 5 Colour Options, Key Features Leaked
  5. Poco F7 5G to Launch in India and Global Markets on This Date
  6. Google Pixel 10 Series May Get a Tele-Macro Camera: All Details
  7. Vivo T4 Lite 5G to Launch in India Soon; Battery Capacity Revealed
  8. Meta Might Be Trying to Fix the Privacy Problem of Its AI App
  9. Samsung Galaxy Watch 8 Series Design Revealed in New Leaked Renders
  10. OnePlus 15 May Get a Big Design Overhaul
  1. Reddit Unveils Reddit Community Intelligence, Its Suite of AI-Powered Ad Tools for Enterprises
  2. Sony Bravia 8 II QD-OLED TV Series With Acoustic Surface+ Audio, Studio Calibrated Mode Launched in India
  3. Asus Unveils Refreshed Vivobook S16, S16 OLED Laptops in India Alongside Vivobook S14: Price, Features
  4. Apple Watch Ultra 3 Said to Launch This Year; Product Roadmap for Next Three Years Leaked
  5. Google Unveils India-Focused Safety Charter, Shares How It Is Using AI to Combat Online Frauds and Scams
  6. Realme Buds Wireless 5 Lite India Launch Date Set for June 23; Availability Details, Key Features Revealed
  7. Prince of Persia: Sands of Time Remake Remains "Deep" in Development, Says Ubisoft
  8. Trump Mobile T1 Smartphone With 6.8-Inch Display, 5,000mAh Battery Announced; Price, Specifications
  9. Samsung Galaxy S25 Ultra Price in India Discounted for a Limited Time: Check Offers, Availability
  10. Poco F7 5G India Launch Date Set for June 24; to Debut in Global Markets On the Same Day
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.