← Retour aux CVEs
CVE-2018-19321
HIGHCISA KEV7.8
Description
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
Details CVE
Score CVSS v3.17.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie12/21/2018
Derniere modification11/7/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurGIGABYTE
ProduitMultiple Products
Nom vulnerabiliteGIGABYTE Multiple Products Privilege Escalation Vulnerability
Date ajout KEV2022-10-24
Date limite remediation2022-11-14
Utilise dans ransomwareKnown
Produits affectes
gigabyte:aorus_graphics_enginegigabyte:app_centergigabyte:oc_guru_iigigabyte:xtreme_gaming_engine
References
http://seclists.org/fulldisclosure/2018/Dec/39(cve@mitre.org)
http://www.securityfocus.com/bid/106252(cve@mitre.org)
https://www.gigabyte.com/Support/Security/1801(cve@mitre.org)
https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities(cve@mitre.org)
http://seclists.org/fulldisclosure/2018/Dec/39(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/106252(af854a3a-2127-422b-91ae-364da2661108)
https://www.gigabyte.com/Support/Security/1801(af854a3a-2127-422b-91ae-364da2661108)
https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19321(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.