CVE-2018-19321
Published 2018-12-21
Priority: P1 85 · high · 7.8 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
KEV · ITW · EXPLOIT · Ransomware
CISA Known Exploited Vulnerability, due 2022-11-14
Exploited in the wild
EPSS: 3.67% (88.3rd percentile)
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gigabyte | aorus_graphics_engine | < 1.57 | 1.57 |
| gigabyte | app_center | < 19.0422.1 | 19.0422.1 |
| gigabyte | oc_guru_ii | — | — |
| gigabyte | xtreme_gaming_engine | < 1.26 | 1.26 |
Detection & IOCs (extracted from sources)
- Presence of the vulnerable low-level kernel drivers GPCIDrv or GDrv (associated with GIGABYTE APP Center, AORUS GRAPHICS ENGINE, XTREME GAMING ENGINE, or OC GURU II) on a system should be treated as a risk indicator, as they expose arbitrary physical memory read/write functionality exploitable for local privilege escalation.
- Exploitation requires local access; the vulnerability is in the low-level drivers GPCIDrv and GDrv which expose arbitrary physical memory read/write. It is not remotely exploitable on its own, but it is actively leveraged for local privilege escalation (CISA KEV listed).
- Affected product versions: GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, OC GURU II v2.08. Ensure detection/hunting covers all four product families.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |
GHSA
GHSA-v6m4-3gv6-q4jx (ghsa_unreviewed, 2022-05-13): CVE-2018-19321 [HIGH]
Description: same text as the NVD description above.
VulnCheck
GIGABYTE Multiple Products Privilege Escalation Vulnerability (vulncheck, 2018, CVSS 7.8): CVE-2018-19321 [HIGH]
The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
Affected: GIGABYTE Multiple Products
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://info.securin.io/hubfs/Securin%20Ransomware%20Report%202023.pdf; https://bi.zone/upload/for_download/Threat_Zone_2025_BI.ZONE_Research_rus.pdf
Exploit PoC: https://vulncheck.com/xdb/74650e8a4a65
Remediation Due: 2022-11-14
CISA
GIGABYTE Multiple Products Privilege Escalation Vulnerability (cisa, 2022-10-24, CVSS 7.8): CVE-2018-19321 [HIGH]
Affected: GIGABYTE Multiple Products
Description: same text as the VulnCheck entry above.
Required Action: Apply updates per vendor instructions.
Notes: https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19321
Remediation Due Date: 2022-11-14
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- http://seclists.org/fulldisclosure/2018/Dec/39
- http://www.securityfocus.com/bid/106252
- https://www.gigabyte.com/Support/Security/1801
- https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19321
Timeline:
- 2018-12-21: Published
- 2022-10-24: Added to CISA KEV
- Exploited in the wild