CVE-2022-22996: WDC-22007 SanDisk Professional G-RAID 4/8 Software Utility setup for Windows, Privilege Escalation | Western Digital
Last Updated: March 29, 2022
Description
The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user. Western Digital recommends all users install the latest updates for the Windows app and driver from the links below.
| Product Impact | Minimum Fix Version | Last Updated |
|---|---|---|
| G-RAID 4/8 Software Utility Windows App | 300520006-2 | March 23, 2022 |
| G-RAID 4/8 Software Utility Windows Driver | 6.2.0.16-2 | March 23, 2022 |
Advisory Summary
Resolved the DLL hijacking vulnerability in the G-RAID 4/8 Software Utility Windows app and driver, which could allow malicious users to escalate privileges.
CVE Number: CVE-2022-22996
Reported By: DoHyun Lee (@l33d0hyun) and SeungYun LEE (@SeungYun_Le2) of Korea University Sejong Campus and JaeHeng Yoon (@onnoveath) of JENBlack Soft