CVE-2018-19321β€”GIGABYTE Multiple Products Privilege Escalation Vulnerability

PUBLISHEDvulnerability record
2022-10-24 Β· last modified June 21, 2025

Metadata

CVE ID:
CVE-2018-19321
Project:
GIGABYTE
Product:
Multiple Products
Date Added:
2022-10-24
Due Date:
2022-11-14
Last Updated:
June 21, 2025

Vulnerability Name

GIGABYTE Multiple Products Privilege Escalation Vulnerability

Description

The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
KNOWN

Action

Apply updates per vendor instructions.

Additional Notes