CVE-2018-19322
Severity CVSS v4.0:
Pending analysis
Type:
CWE-749
Exposed Dangerous Method or Function
Publication date:
21/12/2018
Last modified:
07/11/2025
Description
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:gigabyte:aorus_graphics_engine:*:*:*:*:*:*:*:* | 1.57 (excluding) | |
| cpe:2.3:a:gigabyte:app_center:*:*:*:*:*:*:*:* | 1.05.21 (including) | |
| cpe:2.3:a:gigabyte:oc_guru_ii:2.08:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gigabyte:xtreme_gaming_engine:*:*:*:*:*:*:*:* | 1.26 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://seclists.org/fulldisclosure/2018/Dec/39
- http://www.securityfocus.com/bid/106252
- https://www.gigabyte.com/Support/Security/1801
- https://www.gigabyte.com/tw/Support/Utility/Graphics-Card
- https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
- http://seclists.org/fulldisclosure/2018/Dec/39
- http://www.securityfocus.com/bid/106252
- https://www.gigabyte.com/Support/Security/1801
- https://www.gigabyte.com/tw/Support/Utility/Graphics-Card
- https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19322