Lucene search

CISACISA-KEV-CVE-2018-19321

HistoryOct 24, 2022 - 12:00 a.m.

GIGABYTE Multiple Products Privilege Escalation Vulnerability

2022-10-2400:00:00

CISA

www.cisa.gov

gigabyte

privilege escalation

vulnerability

gpcidrv

gdrv

app center

aorus graphics engine

xtreme gaming engine

oc guru ii

local attacker

physical memory

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

51.3%

JSON

The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.