CVE-2018-19323

CRITICAL KEV RANSOMWARE

GIGABYTE APP Center <v1.05.21 - Info Disclosure

Exploitation Summary

CVE-2018-19323 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added October 24, 2022, with confirmed use in ransomware campaigns. EIP tracks 3 public exploits from researchers including blueisbeautiful, fuckyourheroes, and brokendreamsclub.

AI-analyzed exploit summary: This repository contains a functional exploitation framework for CVE-2018-19323, targeting the GIGABYTE gdrv.sys driver to achieve local privilege escalation via arbitrary MSR read/write operations. The framework includes modular components for payload generation, evasion techniques, and multi-architecture support.

Description

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).

Exploits (3)

nomisec WORKING POC
by blueisbeautiful · poc
https://github.com/blueisbeautiful/CVE-2018-19323

This repository contains a functional exploitation framework for CVE-2018-19323, targeting the GIGABYTE gdrv.sys driver to achieve local privilege escalation via arbitrary MSR read/write operations. The framework includes modular components for payload generation, evasion techniques, and multi-architecture support.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: GIGABYTE gdrv.sys driver
No auth needed
Prerequisites: Vulnerable GIGABYTE gdrv.sys driver present on the system · Local access to the target machine
devstral-2 · analyzed May 19, 2026

nomisec WORKING POC
by fuckyourheroes · poc
https://github.com/fuckyourheroes/CVE-2018-19323

This repository contains a functional exploitation framework for CVE-2018-19323, targeting the GIGABYTE gdrv.sys driver to achieve local privilege escalation via arbitrary MSR read/write operations. The framework includes modular components for payload generation, evasion techniques, and multi-architecture support.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: GIGABYTE gdrv.sys driver
No auth needed
Prerequisites: Presence of vulnerable gdrv.sys driver · Local access to the target system
devstral-2 · analyzed May 03, 2026

nomisec WORKING POC
by brokendreamsclub · local
https://github.com/brokendreamsclub/CVE-2018-19323

This repository contains a modular exploitation framework for CVE-2018-19323, targeting the GIGABYTE gdrv.sys driver to achieve local privilege escalation via arbitrary MSR read/write operations. It includes advanced features like multi-architecture support, evasion techniques, and payload generation.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: GIGABYTE gdrv.sys driver (versions prior to fix)
No auth needed
Prerequisites: Vulnerable GIGABYTE gdrv.sys driver present on the system · Local access to the target Windows machine
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Dec/39
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106252
Vendor Advisory x_refsource_confirm
https://www.gigabyte.com/Support/Security/1801

Scores

CVSS v3: 9.8
EPSS: 0.0852
EPSS Percentile: 94.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: active
Automatable: yes
Technical Impact: total

Details

CISA KEV: 2022-10-24
VulnCheck KEV: 2022-10-24
InTheWild.io: 2021-12-13
ENISA EUVD: EUVD-2018-11021
Ransomware Use: Confirmed
Status: published

Products (4)
gigabyte/aorus_graphics_engine < 1.57
gigabyte/gigabyte_app_center < 1.05.21
gigabyte/oc_guru_ii 2.08
gigabyte/xtreme_gaming_engine < 1.26

Published: Dec 21, 2018
KEV Added: Oct 24, 2022
Tracked Since: Feb 18, 2026