CVE-2018-19323
GIGABYTE Multiple Products Privilege Escalation Vulnerability
CVSS
—
No CVSS
EPSS
8.5%
p94
KEV
YES
Oct 24, 2022
Exploit Today
78
0-100
Published: — · Last modified: —
Product
GIGABYTE / Multiple Products
Vulnerability
GIGABYTE Multiple Products Privilege Escalation Vulnerability
Added to KEV
Oct 24, 2022
Remediate by
Nov 14, 2022
Known ransomware use
Yes
Summary description
The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
Required action
Apply updates per vendor instructions.
Notes
https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19323