gigabyte aorus-graphics-engine CVE-2018-19321 vulnerability in Gigabyte Products
Published on December 21, 2018

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.

NVD

Known Exploited Vulnerability

This GIGABYTE Multiple Products Privilege Escalation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.

The following remediation steps are recommended / required by November 14, 2022: Apply updates per vendor instructions.

Vulnerability Analysis

CVE-2018-19321 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.


Products Associated with CVE-2018-19321

You can be notified by stack.watch whenever vulnerabilities like CVE-2018-19321 are published in these products:

Gigabyte Aorus Graphics Engine
 
Gigabyte App Center
 
Gigabyte Oc Guru Ii
 
Gigabyte Xtreme Gaming Engine
 

What versions are vulnerable to CVE-2018-19321?