logo

CVE-2018-19321 - GIGABYTE Multiple Products Privilege Escalation Vulnerability

CVE-2018-19321

GIGABYTE | Multiple Products

  • Date Added:
  • 2022-10-24
  • Due Date:
  • 2022-11-14
Vulnerability Name

GIGABYTE Multiple Products Privilege Escalation Vulnerability

Description

The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes
https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19321

Free security scan for your website