CVE-2018-19322
HIGH KEV RANSOMWAREGIGABYTE APP Center <1.05.21 - Privilege Escalation
Title source: llmExploitation Summary
CVE-2018-19322 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added October 24, 2022, with confirmed use in ransomware campaigns.
Description
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
References (6)
Core 6
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19322
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Dec/39
Broken Link, Exploit, Third Party Advisory x_refsource_misc
https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106252
Product x_refsource_confirm
https://www.gigabyte.com/tw/Support/Utility/Graphics-Card
Vendor Advisory x_refsource_confirm
https://www.gigabyte.com/Support/Security/1801
Scores
CVSS v3
7.8
EPSS
0.0288
EPSS Percentile
86.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-10-24
VulnCheck KEV
2022-10-24
InTheWild.io
2021-12-13
ENISA EUVD
EUVD-2018-11020
Ransomware Use
Confirmed
CWE
CWE-749
Status
published
Products (4)
gigabyte/aorus_graphics_engine
< 1.57
gigabyte/app_center
< 1.05.21
gigabyte/oc_guru_ii
2.08
gigabyte/xtreme_gaming_engine
< 1.26
Published
Dec 21, 2018
KEV Added
Oct 24, 2022
Tracked Since
Feb 18, 2026