CVE-2018-19322
HIGH CISA KEV EPSS 76.7%
Published Dec 21, 20187y ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
Published Dec 21, 2018 7y ago
Last Modified Jun 17, 2026 2w ago
KEV Listed Oct 24, 2022 3y ago
KEV Due Nov 14, 2022 1326d overdue
Description
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
CISA Known Exploited Overdue 1326d
- Added
- Oct 24, 2022
- Due
- Nov 14, 2022
Apply updates per vendor instructions.
EPSS Exploit Probability
76.7% percentile
Exploit & Patch Status
Actively Exploited (KEV)
No Patch Available
Weaknesses 1
CWE-749
Affected Products 4
References 6
- seclists.org http://seclists.org/fulldisclosure/2018/Dec/39
- securityfocus.com http://www.securityfocus.com/bid/106252
- cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19322
- gigabyte.com https://www.gigabyte.com/Support/Security/1801
- gigabyte.com https://www.gigabyte.com/tw/Support/Utility/Graphics-Card
- secureauth.com https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.