CVE-2026-9492

GIGABYTE · MBStorage

An improper access control vulnerability in the MBStorage DRAM lighting module of Gigabyte Control Center allows local attackers to exploit exposed IOCTLs.

Executive summary

A high-severity improper access control vulnerability in the GIGABYTE MBStorage module could allow a local attacker to achieve unauthorized system-level actions.

Vulnerability

The vulnerability involves insufficient access control (CWE-782) for exposed IOCTLs within the MBStorage DRAM lighting control module, allowing a locally authenticated user to interact with the driver in an unauthorized manner.

Business impact

The CVSS score of 7.8 reflects the potential for a local attacker to compromise the host system's security. Unauthorized access to system-level controls via the driver could result in full system compromise, data loss, or persistent malware installation.

Remediation

Immediate Action: Update the MBStorage component within the Gigabyte Control Center to version 26.06.03.01 or later.

Proactive Monitoring: Review system logs for suspicious IOCTL-related activity or unauthorized modifications to system lighting configurations.

Compensating Controls: Restrict non-administrator user access to the Gigabyte Control Center software where possible to minimize the attack surface.

Exploitation status

Public Exploit Available: Unknown.

Analyst recommendation

This vulnerability presents a clear risk to local host security. Users and system administrators should verify their version of the MBStorage module and apply the update to version 26.06.03.01 immediately to close the access control gap.