CVE-2018-19320
HIGH CISA KEV EPSS 88.0%
7.8 CVSS 3.1
Published Dec 21, 2018 7y ago
Last Modified Jun 17, 2026 2w ago
KEV Listed Oct 24, 2022 3y ago
KEV Due Nov 14, 2022 1326d overdue
Description
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.
CVSS Details
Base Score
Exploitability
Impact
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
CISA Known Exploited Overdue 1326d
- Added: Oct 24, 2022
- Due: Nov 14, 2022
Apply updates per vendor instructions.
EPSS Exploit Probability
88.0% percentile
Exploit & Patch Status
Actively Exploited (KEV)
No Patch Available
Affected Products 4
References 6
- seclists.org http://seclists.org/fulldisclosure/2018/Dec/39
- securityfocus.com http://www.securityfocus.com/bid/106252
- cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19320
- gigabyte.com https://www.gigabyte.com/Support/Security/1801
- gigabyte.com https://www.gigabyte.com/tw/Support/Utility/Graphics-Card
- secureauth.com https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.