cbcvebase.
CVE-2018-19323
published 2018-12-21

Priority: P1 83 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: KEV · ITW · EXPLOIT · Ransomware
CISA Known Exploited Vulnerability, remediation due 2022-11-14
Exploited in the wild
EPSS: 8.52% (94.4th percentile)
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).

Affected (4 ranges)

Vendor     Product                 Version range   Fixed in
gigabyte   aorus_graphics_engine   < 1.57          1.57
gigabyte   gigabyte_app_center     <= 1.05.21      (none listed)
gigabyte   oc_guru_ii              (not listed)    (none listed)
gigabyte   xtreme_gaming_engine    < 1.26          1.26

Detection & IOCs (extracted from sources)

filename: GDrv
filename: GPCIDrv
  • Monitor for loading of the vulnerable low-level kernel drivers GDrv and GPCIDrv, which expose MSR read/write and arbitrary physical memory read/write primitives exploitable for local privilege escalation.
  • Flag processes that interact with GDrv or GPCIDrv driver device handles, particularly those issuing IOCTL calls to read/write MSRs or physical memory from non-privileged user-mode processes.
  • The vulnerability affects multiple versioned products; ensure detection covers all affected product lines: GIGABYTE APP Center ≤ 1.05.21, AORUS GRAPHICS ENGINE < 1.57, XTREME GAMING ENGINE < 1.26, and OC GURU II v2.08.
  • Both the GPCIDrv and GDrv drivers are affected; detection rules should cover both driver names, since the attack surface spans two distinct drivers across the affected product suite.

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v3.1      9.8     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd         v2.0      9.0     CRITICAL   AV:N/AC:L/Au:N/C:P/I:P/A:C
vulncheck   -         9.8     CRITICAL   -
cisa        -         9.8     CRITICAL   -