7.8

CVE-2018-19321

Warnung
Exploit
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GigabyteAorus Graphics Engine Version < 1.57
GigabyteApp Center Version < 19.0422.1
GigabyteOc Guru Ii Version2.08
GigabyteXtreme Gaming Engine Version < 1.26

24.10.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

GIGABYTE Multiple Products Privilege Escalation Vulnerability

Schwachstelle

The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.67% 0.882
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://seclists.org/fulldisclosure/2018/Dec/39
Third Party Advisory
Exploit
Mailing List
http://www.securityfocus.com/bid/106252
Third Party Advisory
Broken Link
VDB Entry
https://www.gigabyte.com/Support/Security/1801
Vendor Advisory
https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
Third Party Advisory
Exploit
Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19321
US Government Resource