Vulnerabilities > CVE-2018-19321 - Unspecified vulnerability in Gigabyte products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 6 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/150894/CORE-2018-0007.txt |
id | PACKETSTORM:150894 |
last seen | 2018-12-25 |
published | 2018-12-21 |
reporter | Core Security Technologies |
source | https://packetstormsecurity.com/files/150894/GIGABYTE-Driver-Privilege-Escalation.html |
title | GIGABYTE Driver Privilege Escalation |
References
- http://seclists.org/fulldisclosure/2018/Dec/39
- http://seclists.org/fulldisclosure/2018/Dec/39
- http://www.securityfocus.com/bid/106252
- http://www.securityfocus.com/bid/106252
- https://www.gigabyte.com/Support/Security/1801
- https://www.gigabyte.com/Support/Security/1801
- https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
- https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities