Vulnerabilities > CVE-2018-19323 - Unspecified vulnerability in Gigabyte products

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

COMPLETE

network

low complexity

gigabyte

critical

NVD

Published: 2018-12-21

Updated: 2020-05-19

Summary

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).

Vulnerable Configurations

Part	Description	Count
Application	Gigabyte Gigabyte Aorus Graphics Engine * Gigabyte Gigabyte APP Center * Gigabyte OC Guru II 2.08 Gigabyte Xtreme Gaming Engine 1.22 Gigabyte Xtreme Gaming Engine 1.25	5

Packetstorm

data source	https://packetstormsecurity.com/files/download/150894/CORE-2018-0007.txt
id	PACKETSTORM:150894
last seen	2018-12-25
published	2018-12-21
reporter	Core Security Technologies
source	https://packetstormsecurity.com/files/150894/GIGABYTE-Driver-Privilege-Escalation.html
title	GIGABYTE Driver Privilege Escalation

Summary

Vulnerable Configurations

Packetstorm

References