Vulnerability Details : CVE-2018-19321
Used for ransomware!
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
CVE-2018-19321 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
GIGABYTE Multiple Products Privilege Escalation Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
Notes:
https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19321
Added on
2022-10-24
Action due date
2022-11-14
Exploit prediction scoring system (EPSS) score for CVE-2018-19321
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 51 %
Percentile, the proportion of vulnerabilities that are scored at or less