CVE-2018-19321
published 2018-12-21

Priority: P1 85 · CVSS 3.1: 7.8 (high)
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
Tags: KEV · ITW · EXPLOIT · Ransomware
CISA Known Exploited Vulnerability (due 2022-11-14)
Exploited in the wild
EPSS: 3.67% (88.3rd percentile)
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.

Affected (4 ranges)

Vendor     Product                 Version range   Fixed in
gigabyte   aorus_graphics_engine   < 1.57          1.57
gigabyte   app_center              < 19.0422.1     19.0422.1
gigabyte   oc_guru_ii              -               -
gigabyte   xtreme_gaming_engine    < 1.26          1.26

Detection & IOCs (extracted from sources)

  • Presence of the vulnerable low-level kernel drivers GPCIDrv or GDrv (shipped with GIGABYTE APP Center, AORUS GRAPHICS ENGINE, XTREME GAMING ENGINE, or OC GURU II) on a system should be treated as a risk indicator: they expose arbitrary physical memory read/write functionality that is exploitable for local privilege escalation.
  • Exploitation requires local access. The vulnerability lies in the low-level drivers GPCIDrv and GDrv, which expose arbitrary physical memory read/write; it is not remotely exploitable on its own, but it is actively leveraged for local privilege escalation (CISA KEV listed).
  • Affected product versions: GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08. Ensure detection and hunting coverage spans all four product families.

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v3.1      7.8     HIGH       CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd         v2.0      7.2     HIGH       AV:L/AC:L/Au:N/C:C/I:C/A:C
vulncheck   -         7.8     HIGH       -
cisa        -         7.8     HIGH       -