cbcvebase.

Gigabyte Aorus Graphics Engine vulnerabilities

4 known vulnerabilities affecting gigabyte/aorus_graphics_engine.

Total CVEs
4
CISA KEV
4
actively exploited
Public exploits
3
Exploited in wild
4
Severity breakdown
CRITICAL1HIGH3

Vulnerabilities

Page 1 of 1
CVE-2018-19321P1HIGHCVSS 7.8KEVPoCRansomwarefixed in 1.572018-12-21
CVE-2018-19321 [HIGH] CVE-2018-19321: The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS E The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
nvd
CVE-2018-19323P1CRITICALCVSS 9.8KEVPoCRansomwarefixed in 1.572018-12-21
CVE-2018-19323 [CRITICAL] CVE-2018-19323: The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).
nvd
CVE-2018-19320P1HIGHCVSS 7.8KEVPoCRansomwarefixed in 1.572018-12-21
CVE-2018-19320 [HIGH] CVE-2018-19320: The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.
nvd
CVE-2018-19322P1HIGHCVSS 7.8KEVRansomwarefixed in 1.572018-12-21
CVE-2018-19322 [HIGH] CWE-749 CVE-2018-19322: The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS E The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
nvd
Gigabyte Aorus Graphics Engine vulnerabilities | cvebase