Vulnerabilities > CVE-2018-19322 - Exposed Dangerous Method or Function vulnerability in Gigabyte products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

gigabyte

CWE-749

NVD

Published: 2018-12-21

Updated: 2024-06-28

Summary

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.

Vulnerable Configurations

Part	Description	Count
Application	Gigabyte Gigabyte OC Guru II 2.08 Gigabyte APP Center 1.05.21 Gigabyte Aorus Graphics Engine 1.33 Gigabyte Xtreme Gaming Engine 1.22 Gigabyte Xtreme Gaming Engine 1.25	5

Common Weakness Enumeration (CWE)

CWE-749 - Exposed Dangerous Method or Function

Packetstorm

data source	https://packetstormsecurity.com/files/download/150894/CORE-2018-0007.txt
id	PACKETSTORM:150894
last seen	2018-12-25
published	2018-12-21
reporter	Core Security Technologies
source	https://packetstormsecurity.com/files/150894/GIGABYTE-Driver-Privilege-Escalation.html
title	GIGABYTE Driver Privilege Escalation

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Packetstorm

References