CVE-2018-19320 — HIGH (7.8)

Q: How severe is CVE-2018-19320?

CVE-2018-19320 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-19320?

Check the references section above for vendor advisories and patch information. Affected products include: Gigabyte Aorus Graphics Engine, Gigabyte App Center, Gigabyte Oc Guru Ii, Gigabyte Xtreme Gaming Engine.

Vulnerability Description

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gigabyte	Aorus Graphics Engine	< 1.57
Gigabyte	App Center	< 19.0422.1
Gigabyte	Oc Guru Ii	2.08
Gigabyte	Xtreme Gaming Engine	< 1.26

References

http://seclists.org/fulldisclosure/2018/Dec/39ExploitMailing ListThird Party Advisory
http://www.securityfocus.com/bid/106252Broken LinkThird Party AdvisoryVDB Entry
https://www.gigabyte.com/Support/Security/1801Vendor Advisory
https://www.gigabyte.com/tw/Support/Utility/Graphics-CardProduct
https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-Broken LinkExploitThird Party Advisory
http://seclists.org/fulldisclosure/2018/Dec/39ExploitMailing ListThird Party Advisory
http://www.securityfocus.com/bid/106252Broken LinkThird Party AdvisoryVDB Entry
https://www.gigabyte.com/Support/Security/1801Vendor Advisory
https://www.gigabyte.com/tw/Support/Utility/Graphics-CardProduct
https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-Broken LinkExploitThird Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-US Government Resource

FAQ

What is CVE-2018-19320?

CVE-2018-19320 is a vulnerability with a CVSS score of 7.8 (HIGH). The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality...

How severe is CVE-2018-19320?

CVE-2018-19320 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-19320?

Check the references section above for vendor advisories and patch information. Affected products include: Gigabyte Aorus Graphics Engine, Gigabyte App Center, Gigabyte Oc Guru Ii, Gigabyte Xtreme Gaming Engine.