CVE-2018-19321

high

Description

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.

References

https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities

https://www.gigabyte.com/Support/Security/1801

http://www.securityfocus.com/bid/106252

http://seclists.org/fulldisclosure/2018/Dec/39

Details

Source: Mitre, NVD

Published: 2018-12-21

Updated: 2024-06-28

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High