CVE-2018-19323
published 2018-12-21
CVE-2018-19323: The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II…
Priority: P183 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
KEV · ITW · EXPLOIT · Ransomware
CISA Known Exploited Vulnerability, due 2022-11-14
Exploited in the wild
EPSS: 8.52% (94.4th percentile)
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gigabyte | aorus_graphics_engine | < 1.57 | 1.57 |
| gigabyte | gigabyte_app_center | <= 1.05.21 | — |
| gigabyte | oc_guru_ii | — | — |
| gigabyte | xtreme_gaming_engine | < 1.26 | 1.26 |
Detection & IOCs (extracted from sources)
- Monitor for loading of vulnerable low-level kernel drivers GDrv and GPCIDrv, which expose MSR read/write and arbitrary physical memory read/write primitives exploitable for local privilege escalation.
- Flag processes that interact with GDrv or GPCIDrv driver device handles, particularly those issuing IOCTL calls to read/write MSRs or physical memory from non-privileged user-mode processes.
- Vulnerability affects multiple versioned products; ensure detection covers all affected product lines: GIGABYTE APP Center ≤1.05.21, AORUS GRAPHICS ENGINE <1.57, XTREME GAMING ENGINE <1.26, and OC GURU II v2.08.
- Both GPCIDrv and GDrv drivers are affected; detection rules should cover both driver names as the attack surface spans two distinct drivers across the affected product suite.
CVSS provenance
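| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:N/C:P/I:P/A:C |
| vulncheck | — | 9.8 | CRITICAL | — |
| cisa | — | 9.8 | CRITICAL | — |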
CISA
GIGABYTE Multiple Products Privilege Escalation Vulnerability
cisa·2022-10-24·CVSS 9.8
CVE-2018-19323 [CRITICAL] GIGABYTE Multiple Products Privilege Escalation Vulnerability
Vulnerability: GIGABYTE Multiple Products Privilege Escalation Vulnerability
Affected: GIGABYTE Multiple Products
The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
Required Action: Apply updates per vendor instructions.
Notes: https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19323
Remediation Due Date: 2022-11-14
GHSA
GHSA-237x-ggj9-vvhf: The GDrv low-level driver in GIGABYTE APP Center v1
ghsa_unreviewed·2022-05-13
CVE-2018-19323 [CRITICAL] GHSA-237x-ggj9-vvhf: The GDrv low-level driver in GIGABYTE APP Center v1
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).
VulnCheck
GIGABYTE Multiple Products Privilege Escalation Vulnerability
vulncheck·2018·CVSS 9.8
CVE-2018-19323 [CRITICAL] GIGABYTE Multiple Products Privilege Escalation Vulnerability
The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
Affected: GIGABYTE Multiple Products
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://bi.zone/upload/for_download/Threat_Zone_2025_BI.ZONE_Research_rus.pdf
Exploit PoC: https://vulncheck.com/xdb/27e5e5266901
Remediation Due: 2022-11-14
- http://seclists.org/fulldisclosure/2018/Dec/39
- http://www.securityfocus.com/bid/106252
- https://www.gigabyte.com/Support/Security/1801
- https://www.gigabyte.com/tw/Support/Utility/Graphics-Card
- https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19323
- 2018-12-21: Published
- 2022-10-24: Added to CISA KEV
- Exploited in the wild