CVE-2018-19322

🗓️ 21 Dec 2018 23:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 702 Views🌐 WEB

GIGABYTE APP Center and AORUS GRAPHICS ENGINE vulnerabilit

Reporter	Title	Published	Views	Family All 18
ATTACKERKB	CVE-2018-19322	21 Dec 201800:00	–	attackerkb
BDU FSTEC	The vulnerabilities of the GPCIDrv and GDrv drivers allow attackers to execute arbitrary code. These drivers are used by the Gigabyte Aorus Engine video card configuration program, the GIGABYTE App Center for application management, and the Extreme Gaming Engine for video card status monitoring.	7 Nov 202200:00	–	bdu_fstec
Circl	CVE-2018-19322	14 Jun 202321:10	–	circl
CISA KEV Catalog	GIGABYTE Multiple Products Code Execution Vulnerability	24 Oct 202200:00	–	cisa_kev
CNVD	Arbitrary Code Execution Vulnerability in Multiple GIGABYTE Products (CNVD-2018-26458)	25 Dec 201800:00	–	cnvd
Cvelist	CVE-2018-19322	21 Dec 201823:00	–	cvelist
EUVD	EUVD-2018-11020	7 Oct 202500:30	–	euvd
Tenable Nessus	GIGABYTE AORUS GRAPHICS ENGINE < 1.57 Multiple Vulnerabilities	11 Jan 202300:00	–	nessus
Tenable Nessus	GIGABYTE APP Center < 19.4.22.1 Multiple Vulnerabilities	11 Jan 202300:00	–	nessus
Tenable Nessus	GIGABYTE OC GURU II 2.08 Multiple Vulnerabilities	11 Jan 202300:00	–	nessus

NVD

Node

gigabyte aorus_graphics_engineRange<1.57

gigabyte app_centerRange≤1.05.21

gigabyte oc_guru_iiMatch2.08

gigabyte xtreme_gaming_engineRange<1.26

Source	Link
securityfocus	www.securityfocus.com/bid/106252
secureauth	www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
gigabyte	www.gigabyte.com/tw/Support/Utility/Graphics-Card
gigabyte	www.gigabyte.com/Support/Security/1801
seclists	www.seclists.org/fulldisclosure/2018/Dec/39
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

Parameter	Position	Path	Description	CWE
IOCTL_GPCIDRV_PORTREADB	binary	\\.\GPCIDrv64	GPCIDrv64 IOCTL interface exposing port I/O and memory operations that can lead to privileged actions when misused.	CWE-749
IOCTL_GPCIDRV_PORTWRITEB	binary	\\.\GPCIDrv64	GPCIDrv64 IOCTL interface exposing port I/O and memory operations that can lead to privileged actions when misused.	CWE-749
DriverIndex	binary	\\.\GPCIDrv64	GPCIDrv64 IOCTL interface exposing port I/O and memory operations that can lead to privileged actions when misused.	CWE-749
DeviceName	binary	\\.\GPCIDrv64	GPCIDrv64 IOCTL interface exposing port I/O and memory operations that can lead to privileged actions when misused.	CWE-749
pPMIOReadB	binary	\\.\GPCIDrv64	GPCIDrv64 IOCTL interface exposing port I/O and memory operations that can lead to privileged actions when misused.	CWE-749
pPMIOWriteB	binary	\\.\GPCIDrv64	GPCIDrv64 IOCTL interface exposing port I/O and memory operations that can lead to privileged actions when misused.	CWE-749
port	binary	\\.\GPCIDrv64	GPCIDrv64 IOCTL interface exposing port I/O and memory operations that can lead to privileged actions when misused.	CWE-749
value	binary	\\.\GPCIDrv64	GPCIDrv64 IOCTL interface exposing port I/O and memory operations that can lead to privileged actions when misused.	CWE-749
GPCIDRV_PORTIO_STRUCT	binary	\\.\GPCIDrv64	GPCIDrv64 IOCTL interface exposing port I/O and memory operations that can lead to privileged actions when misused.	CWE-749
GPCIDRV_MAPPHYSICAL	binary	\\.\GPCIDrv64	GPCIDrv64 IOCTL interface exposing port I/O and memory operations that can lead to privileged actions when misused.	CWE-749

17 Jun 2026 01:49Current

7.6High risk

Vulners AI Score7.6

CVSS 24.6

CVSS 3.17.8

EPSS0.01872

SSVC