CVE-2018-19322
GIGABYTE Multiple Products Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
1.9%
p77
KEV
YES
Oct 24, 2022
Exploit Today
73
0-100
Published: — · Last modified: —
Product
GIGABYTE / Multiple Products
Vulnerability
GIGABYTE Multiple Products Code Execution Vulnerability
Added to KEV
Oct 24, 2022
Remediate by
Nov 14, 2022
Known ransomware use
Yes
Summary description
The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
Required action
Apply updates per vendor instructions.
Notes
https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19322