Vulnerabilities > CVE-2018-19321 - Unspecified vulnerability in Gigabyte products

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

gigabyte

NVD

Published: 2018-12-21

Updated: 2020-05-19

Summary

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.

Vulnerable Configurations

Part	Description	Count
Application	Gigabyte Gigabyte Aorus Graphics Engine * Gigabyte APP Center 1.05.21 Gigabyte OC Guru II 2.08 Gigabyte Xtreme Gaming Engine 1.22 Gigabyte Xtreme Gaming Engine 1.25	5

Packetstorm

data source	https://packetstormsecurity.com/files/download/150894/CORE-2018-0007.txt
id	PACKETSTORM:150894
last seen	2018-12-25
published	2018-12-21
reporter	Core Security Technologies
source	https://packetstormsecurity.com/files/150894/GIGABYTE-Driver-Privilege-Escalation.html
title	GIGABYTE Driver Privilege Escalation

Summary

Vulnerable Configurations

Packetstorm

References