Gigabyte Gigabyte

  1. Vendors
  2. Gigabyte
Do you want an email whenever new security vulnerabilities are reported in any Gigabyte product?

Products by Gigabyte Sorted by Most Security Vulnerabilities since 2018

Gigabyte Aorus Graphics Engine4 vulnerabilities

Gigabyte App Center4 vulnerabilities

Gigabyte Oc Guru Ii4 vulnerabilities

Gigabyte Xtreme Gaming Engine4 vulnerabilities

Gigabyte App Center1 vulnerability

Known Exploited Gigabyte Vulnerabilities

The following Gigabyte vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
GIGABYTE Multiple Products Privilege Escalation Vulnerability The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges. CVE-2018-19323 October 24, 2022
GIGABYTE Multiple Products Code Execution Vulnerability The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges. CVE-2018-19322 October 24, 2022
GIGABYTE Multiple Products Privilege Escalation Vulnerability The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges. CVE-2018-19321 October 24, 2022
GIGABYTE Multiple Products Unspecified Vulnerability The GDrv low-level driver in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system. CVE-2018-19320 October 24, 2022

By the Year

In 2024 there have been 0 vulnerabilities in Gigabyte . Gigabyte did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 1 7.20
2019 0 0.00
2018 4 8.30

It may take a day or so for new Gigabyte vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Gigabyte Security Vulnerabilities

An issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0227.1

CVE-2019-7630 7.2 - High - March 25, 2020

An issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0227.1. The vulnerable driver exposes a wrmsr instruction via IOCTL 0xC3502580 and does not properly filter the target Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.

Improper Initialization

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality

CVE-2018-19320 7.8 - High - December 21, 2018

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier

CVE-2018-19321 7.8 - High - December 21, 2018

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data

CVE-2018-19322 7.8 - High - December 21, 2018

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.

Exposed Dangerous Method or Function

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier

CVE-2018-19323 9.8 - Critical - December 21, 2018

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.