CVE-2018-19320

HIGH CISA KEV EPSS 88.0%
Published Dec 21, 20187y ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
High
Find Similar
Published Dec 21, 2018 7y ago
Last Modified Jun 17, 2026 2w ago
KEV Listed Oct 24, 2022 3y ago
KEV Due Nov 14, 2022 1326d overdue

Description

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

CISA Known Exploited Overdue 1326d
Added
Oct 24, 2022
Due
Nov 14, 2022

Apply updates per vendor instructions.

EPSS Exploit Probability
88.0% percentile
Exploit & Patch Status
Actively Exploited (KEV)
No Patch Available

Affected Products 4

VendorProductVersionRange
gigabyteaorus_graphics_engine* <1.57
gigabyteapp_center* <19.0422.1
gigabyteoc_guru_ii2.08any
gigabytextreme_gaming_engine* <1.26

References 6

  • seclists.org http://seclists.org/fulldisclosure/2018/Dec/39
    ExploitMailing ListThird Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/106252
    Broken LinkThird Party AdvisoryVDB Entry
  • cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19320
    US Government Resource
  • gigabyte.com https://www.gigabyte.com/Support/Security/1801
    Vendor Advisory
  • gigabyte.com https://www.gigabyte.com/tw/Support/Utility/Graphics-Card
    Product
  • secureauth.com https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
    Broken LinkExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.