CVE-2018-19321

HIGH KEV RANSOMWARE

GIGABYTE APP Center <1.05.21 - Privilege Escalation

Title source: llm

Description

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.

Exploits (2)

nomisec WORKING POC 8 stars

by nanabingies · local

https://github.com/nanabingies/Driver-RW

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by nanabingies · poc

https://github.com/nanabingies/CVE-2018-19321

View Code ZIP pw:eip

References (5)

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2018/Dec/39

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106252

[Vendor Advisory] https://www.gigabyte.com/Support/Security/1801

[Broken Link, Exploit, Third Party Advisory] https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19321

Scores

CVSS v3 7.8

EPSS 0.3788

EPSS Percentile 97.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-10-24

VulnCheck KEV 2022-10-24

InTheWild.io 2021-12-13

ENISA EUVD EUVD-2018-11019

Ransomware Use Confirmed

Status published

Products (4)

gigabyte/aorus_graphics_engine < 1.57

gigabyte/app_center < 19.0422.1

gigabyte/oc_guru_ii 2.08

gigabyte/xtreme_gaming_engine < 1.26

Published Dec 21, 2018

KEV Added Oct 24, 2022

Tracked Since Feb 18, 2026