gigabyte aorus-graphics-engine CVE-2018-19320 vulnerability in Gigabyte Products
Published on December 21, 2018

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.

NVD

Known Exploited Vulnerability

This GIGABYTE Multiple Products Unspecified Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. The GDrv low-level driver in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.

The following remediation steps are recommended / required by November 14, 2022: Apply updates per vendor instructions.

Vulnerability Analysis

CVE-2018-19320 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.


Products Associated with CVE-2018-19320

You can be notified by stack.watch whenever vulnerabilities like CVE-2018-19320 are published in these products:

 
 
 
 

What versions are vulnerable to CVE-2018-19320?