WDC-22007 SanDisk Professional G-RAID 4/8 Software Utility setup for Windows, Privilege Escalation

SanDisk Professional G-RAID 4/8 Software Utility setup for Windows, Privilege Escalation

WDC Tracking Number: WDC-22007
Published: March 29, 2022

Last Updated: March 29, 2022

Description

The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user. Western Digital recommends all users install the latest updates for the Windows app and driver from the links below.

Product Impact

Minimum Fix Version

Last Updated

G-RAID 4/8 Software Utility Windows App

300520006-2

March 23, 2022

G-RAID 4/8 Software Utility Windows Driver

6.2.0.16-2

March 23, 2022

Advisory Summary

Resolved the DLL hijacking vulnerability in the G-RAID 4/8 Software Utility Windows app and driver which could allow malicious users to carry out escalation of privileges.

CVE Number: CVE-2022-22996

Reported By: DoHyun Lee(@l33d0hyun) and SeungYun LEE(@SeungYun_Le2) of Korea University Sejong Campus and JaeHeng Yoon(@onnoveath) of JENBlack Soft

Add up to 4 products

{{ skuObj.title.length

Compare

SanDisk Professional G-RAID 4/8 Software Utility setup for Windows, Privilege Escalation

Description

Advisory Summary

News and updates straight to your inbox