Vulnerabilities > CVE-2018-19322 - Exposed Dangerous Method or Function vulnerability in Gigabyte products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
gigabyte
CWE-749

Summary

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.

Common Weakness Enumeration (CWE)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/150894/CORE-2018-0007.txt
idPACKETSTORM:150894
last seen2018-12-25
published2018-12-21
reporterCore Security Technologies
sourcehttps://packetstormsecurity.com/files/150894/GIGABYTE-Driver-Privilege-Escalation.html
titleGIGABYTE Driver Privilege Escalation