CVE-2018-19323

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC...

Basic Information

CVE State: PUBLISHED
Reserved Date: November 16, 2018
Published Date: December 21, 2018
Last Updated: February 04, 2025
Vendor: n/a
Product: n/a
Description: The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2022-10-24 00:00:00 UTC) Source
Used in Malware: Yes (added 2022-10-24 00:00:00 UTC) Source

References

http://seclists.org/fulldisclosure/2018/Dec/39 https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities http://www.securityfocus.com/bid/106252 https://www.gigabyte.com/tw/Support/Utility/Graphics-Card https://www.gigabyte.com/Support/Security/1801

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-10-24 00:00:00 UTC