Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

ACTIVE-2020-001: CORSAIR iCUE Driver Local Privilege Escalation

Vulnerability Type:

Privilege Escalation

Vendors:

CORSAIR

CVE ID:

CVE-2020-8808

Affected Products:

  • CORSAIR iCUE version 3.24.52 and older

Summary:

CorsairLLAccess64.sys/CorsairLLAccess32.sys driver in CORSAIR iCUE version 3.24.52 and older allows local non-privileged users (including low-integrity level processes) to read and write arbitrary physical memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges via MmMapIoSpace amongest other function calls.

Mitigation:

The vendor has released a patch in version 3.25.60 addressing this vulnerability.

Credit:

This vulnerability was found by Hashim Jawad of ACTIVELabs.

References:

Disclosure Timeline:

  • 12-10-19: ACTIVELabs submitted a ticket to CORSAIR via support portal
  • 12-12-19: CORSAIR support requested vulnerability details to forward to the appropriate team
  • 12-16-19: ACTIVELabs sent vulnerability details along with proof-of-concept exploit to CORSAIR support
  • 12-17-19: CORSAIR support responded that they will look into it and get back with us
  • 12-31-19: ACTIVELabs requested an update
  • 12-31-19: CORSAIR support responded there is no update for the time being
  • 01-13-20: ACTIVELabs tested version 3.24.52 released on 01/06/2020 and informed CORSAIR support that the driver is indeed still vulnerable
  • 01-14-20: CORSAIR support responded there is no update on this ticket still
  • 01-17-20: CORSAIR support updated ACTIVELabs that the issue has been resolved in version 3.25.54 and asked if we would like a copy of the patch
  • 01-20-20: ACTIVELabs requested to test the patch and provide timeline on when the patched version will be made public
  • 01-22-20: CORSAIR support responded the ETA for the patch is 01/28/20 and shared link to download the patch
  • 01-24-20: ACTIVELabs informed CORSAIR support that the patch has nullified the reported vulnerability and an advisory along with blog post will be released once the patch is made public
  • 01-30-20: ACTIVELabs request an update in regard to patch ETA which was supposed to be released on 01/28/20
  • 01-30-20: CORSAIR support responded that new update was requested last minute and they will share new ETA once determined
  • 02-06-20: ACTIVELabs requested an update
  • 02-06-20: CORSAIR support responded that new version will be released today
  • 02-06-20: ACTIVELabs sent CORSAIR support draft blog post for review
  • 02-06-20: CORSAIR iCUE version 3.25.60 released
  • 02-07-20: ACTIVELabs publishes this advisory
  • 02-07-20: ACTIVELabs request CVE from MITRE
  • 02-07-20: CVE-2020-8808 assigned