SanDisk Professional G-RAID 4/8 Software Utility setup for Windows, Privilege Escalation


WDC Tracking Number: WDC-22007
Published: March 29, 2022

Last Updated: March 29, 2022

Description

The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user. Western Digital recommends all users install the latest updates for the Windows app and driver from the links below.

Product Impact
Minimum Fix Version
Last Updated
G-RAID 4/8 Software Utility Windows App
300520006-2
March 23, 2022
G-RAID 4/8 Software Utility Windows Driver
6.2.0.16-2
March 23, 2022

Advisory Summary

Resolved the DLL hijacking vulnerability in the G-RAID 4/8 Software Utility Windows app and driver which could allow malicious users to carry out escalation of privileges.

CVE Number: CVE-2022-22996

Reported By: DoHyun Lee(@l33d0hyun) and SeungYun LEE(@SeungYun_Le2) of Korea University Sejong Campus and JaeHeng Yoon(@onnoveath) of JENBlack Soft