CVE-2018-19322
published 2018-12-21


Priority P186 · high · 7.8 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
KEV · ITW · Ransomware
CISA Known Exploited Vulnerability, due 2022-11-14
Exploited in the wild
EPSS: 1.87% (76.7th percentile)

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.

Affected

4 ranges

Vendor     Product                 Version range   Fixed in
gigabyte   aorus_graphics_engine   < 1.57          1.57
gigabyte   app_center              <= 1.05.21
gigabyte   oc_guru_ii
gigabyte   xtreme_gaming_engine    < 1.26          1.26

Detection & IOCs (extracted from sources)

  • Detection target: the vulnerable low-level kernel drivers GPCIDrv and GDrv, present in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08
  • Monitor for abuse of the IO port read/write functionality exposed by the GPCIDrv and GDrv drivers, which can be leveraged for privilege escalation to run code with elevated privileges
  • The vulnerability affects multiple GIGABYTE product lines at different version thresholds; ensure detection scope covers all affected products: GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v3.1      7.8     HIGH       CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd         v2.0      4.6     MEDIUM     AV:L/AC:L/Au:N/C:P/I:P/A:P
vulncheck             7.8     HIGH
cisa                  7.8     HIGH