CVE-2026-9492
GIGABYTE · MBStorage
An improper access control vulnerability in the MBStorage DRAM lighting module of Gigabyte Control Center allows local attackers to exploit exposed IOCTLs.
Executive summary
A high-severity improper access control vulnerability in the GIGABYTE MBStorage module could allow a local attacker to achieve unauthorized system-level actions.
Vulnerability
The vulnerability involves insufficient access control (CWE-782) for exposed IOCTLs within the MBStorage DRAM lighting control module, allowing a locally authenticated user to interact with the driver in an unauthorized manner.
Business impact
The CVSS score of 7.8 reflects the potential for a local attacker to compromise the host system's security. Unauthorized access to system-level controls via the driver could result in full system compromise, data loss, or persistent malware installation.
Remediation
Immediate Action: Update the MBStorage component within the Gigabyte Control Center to version 26.06.03.01 or later.
Proactive Monitoring: Review system logs for suspicious IOCTL-related activity or unauthorized modifications to system lighting configurations.
Compensating Controls: Restrict non-administrator user access to the Gigabyte Control Center software where possible to minimize the attack surface.
Exploitation status
Public Exploit Available: Unknown.
Analyst recommendation
This vulnerability presents a clear risk to local host security. Users and system administrators should verify their version of the MBStorage module and apply the update to version 26.06.03.01 immediately to close the access control gap.