Vulnerabilities > CVE-2018-19322 - Exposed Dangerous Method or Function vulnerability in Gigabyte products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Common Weakness Enumeration (CWE)
Packetstorm
data source | https://packetstormsecurity.com/files/download/150894/CORE-2018-0007.txt |
id | PACKETSTORM:150894 |
last seen | 2018-12-25 |
published | 2018-12-21 |
reporter | Core Security Technologies |
source | https://packetstormsecurity.com/files/150894/GIGABYTE-Driver-Privilege-Escalation.html |
title | GIGABYTE Driver Privilege Escalation |