9.8

CVE-2018-19323

Warnung
Exploit
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GigabyteAorus Graphics Engine Version < 1.57
GigabyteGigabyte App Center Version <= 1.05.21
GigabyteOc Guru Ii Version2.08
GigabyteXtreme Gaming Engine Version < 1.26

24.10.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

GIGABYTE Multiple Products Privilege Escalation Vulnerability

Schwachstelle

The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.72% 0.943
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 9 10 8.5
AV:N/AC:L/Au:N/C:P/I:P/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://seclists.org/fulldisclosure/2018/Dec/39
Third Party Advisory
Exploit
Mailing List
http://www.securityfocus.com/bid/106252
Third Party Advisory
Broken Link
VDB Entry