CVE-2018-19323

🗓️ 21 Dec 2018 23:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 714 Views🌐 WEB

Gigabyte APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write MSRs

Reporter	Title	Published	Views	Family All 19
GithubExploit	Exploit for CVE-2018-19323	27 Aug 202511:51	–	githubexploit
ATTACKERKB	CVE-2018-19323	21 Dec 201800:00	–	attackerkb
BDU FSTEC	Vulnerability of the GDrv driver – a program for configuring Gigabyte Aorus Engine graphics cards. The GIGABYTE App Center, a program for managing applications. The Extreme Gaming Engine, a program for monitoring the status of graphics cards. It allows a hacker to execute arbitrary code.	7 Nov 202200:00	–	bdu_fstec
Circl	CVE-2018-19323	14 Jun 202321:10	–	circl
CISA KEV Catalog	GIGABYTE Multiple Products Privilege Escalation Vulnerability	24 Oct 202200:00	–	cisa_kev
CNVD	Arbitrary Code Execution Vulnerability in Multiple GIGABYTE Products (CNVD-2018-26459)	25 Dec 201800:00	–	cnvd
CNVD	Arbitrary Code Execution Vulnerability in Multiple GIGABYTE Products	21 Dec 201800:00	–	cnvd
Cvelist	CVE-2018-19323	21 Dec 201823:00	–	cvelist
Tenable Nessus	GIGABYTE AORUS GRAPHICS ENGINE < 1.57 Multiple Vulnerabilities	11 Jan 202300:00	–	nessus
Tenable Nessus	GIGABYTE APP Center < 19.4.22.1 Multiple Vulnerabilities	11 Jan 202300:00	–	nessus

NVD

Node

gigabyte aorus_graphics_engineRange<1.57

gigabyte gigabyte_app_centerRange≤1.05.21

gigabyte oc_guru_iiMatch2.08

gigabyte xtreme_gaming_engineRange<1.26

Source	Link
securityfocus	www.securityfocus.com/bid/106252
secureauth	www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
gigabyte	www.gigabyte.com/tw/Support/Utility/Graphics-Card
gigabyte	www.gigabyte.com/Support/Security/1801
seclists	www.seclists.org/fulldisclosure/2018/Dec/39
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

Parameter	Position	Path	Description
operation	path	\\.\GIO	IOCTL-based driver vulnerability exposing arbitrary MSR read/write leading to privilege escalation.
msr_index	path	\\.\GIO	IOCTL-based driver vulnerability exposing arbitrary MSR read/write leading to privilege escalation.
value	path	\\.\GIO	IOCTL-based driver vulnerability exposing arbitrary MSR read/write leading to privilege escalation.

17 Jun 2026 01:49Current

9.2High risk

Vulners AI Score9.2

CVSS 29

CVSS 3.19.8

EPSS0.08523

SSVC

In Wild