Vulnerabilities > CVE-2018-19321 - Unspecified vulnerability in Gigabyte products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

gigabyte

NVD

Published: 2018-12-21

Updated: 2024-06-28

Summary

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.

Vulnerable Configurations

Part	Description	Count
Application	Gigabyte Gigabyte OC Guru II 2.08 Gigabyte Aorus Graphics Engine 1.33 Gigabyte APP Center 1.05.21 Gigabyte APP Center 19.0227.1 Gigabyte Xtreme Gaming Engine 1.22 Gigabyte Xtreme Gaming Engine 1.25	6

Packetstorm

data source	https://packetstormsecurity.com/files/download/150894/CORE-2018-0007.txt
id	PACKETSTORM:150894
last seen	2018-12-25
published	2018-12-21
reporter	Core Security Technologies
source	https://packetstormsecurity.com/files/150894/GIGABYTE-Driver-Privilege-Escalation.html
title	GIGABYTE Driver Privilege Escalation

Summary

Vulnerable Configurations

Packetstorm

References