logo

CVE-2018-19322 - GIGABYTE Multiple Products Code Execution Vulnerability

GIGABYTE | Multiple Products

  • Date Added:
  • 2022-10-24
  • Due Date:
  • 2022-11-14
Vulnerability Name

GIGABYTE Multiple Products Code Execution Vulnerability

Description

The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes
https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19322

Free online web security scanner