CVE-2018-19322
Published 2018-12-21
CVE-2018-19322: The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC…
Priority P186 · high · 7.8 · CVSS 3.1
AV:L · AC:L · PR:L · UI:N · S:U · C:H · I:H · A:H
KEV · ITW · Ransomware
CISA Known Exploited Vulnerability · due 2022-11-14
Exploited in the wild
EPSS: 1.87% (76.7th percentile)
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gigabyte | aorus_graphics_engine | < 1.57 | 1.57 |
| gigabyte | app_center | <= 1.05.21 | — |
| gigabyte | oc_guru_ii | — | — |
| gigabyte | xtreme_gaming_engine | < 1.26 | 1.26 |
Detection & IOCs (extracted from sources)
- Detection scope: the vulnerable low-level kernel drivers GPCIDrv and GDrv, present in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08.
- Monitor for abuse of the IO port read/write functionality exposed by the GPCIDrv and GDrv drivers, which can be leveraged for privilege escalation to run code with elevated privileges.
- The vulnerability affects multiple GIGABYTE product lines at different version thresholds; ensure detection scope covers all affected products: GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II.
CVSS provenance
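| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | | 7.8 | HIGH | |
| cisa | | 7.8 | HIGH | |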
GHSA
GHSA-vv86-whxx-rv84: The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1
ghsa_unreviewed·2022-05-13
CVE-2018-19322 [HIGH] CWE-749 GHSA-vv86-whxx-rv84: The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
VulnCheck
GIGABYTE Multiple Products Code Execution Vulnerability
vulncheck·2018·CVSS 7.8
CVE-2018-19322 [HIGH] CWE-749 GIGABYTE Multiple Products Code Execution Vulnerability
The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
Affected: GIGABYTE Multiple Products
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://info.securin.io/hubfs/Securin%20Ransomware%20Report%202023.pdf; https://bi.zone/upload/for_download/Threat_Zone_2025_BI.ZONE_Research_rus.pdf
Remediation Due: 2022-11-14
CISA
GIGABYTE Multiple Products Code Execution Vulnerability
cisa·2022-10-24·CVSS 7.8
CVE-2018-19322 [HIGH] CWE-749 GIGABYTE Multiple Products Code Execution Vulnerability
Vulnerability: GIGABYTE Multiple Products Code Execution Vulnerability
Affected: GIGABYTE Multiple Products
The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
Required Action: Apply updates per vendor instructions.
Notes: https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19322
Remediation Due Date: 2022-11-14
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://seclists.org/fulldisclosure/2018/Dec/39
- http://www.securityfocus.com/bid/106252
- https://www.gigabyte.com/Support/Security/1801
- https://www.gigabyte.com/tw/Support/Utility/Graphics-Card
- https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19322

2018-12-21: Published
2022-10-24: Added to CISA KEV
Exploited in the wild