Lucene search

[email protected]CVE-2018-19320

HistoryDec 21, 2018 - 11:29 p.m.

CVE-2018-19320

2018-12-2123:29:00

[email protected]

web.nvd.nist.gov

557

In Wild

gdrv

gigabyte app center

aorus graphics engine

xtreme gaming engine

oc guru ii

cve-2018-19320

security vulnerability

local attacker

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.3%

JSON

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.

Affected configurations

NVD

Node

gigabyteaorus_graphics_engineRange<1.57

gigabyteapp_centerRange<19.0422.1

gigabyteoc_guru_iiMatch2.08

gigabytextreme_gaming_engineRange<1.26

CPENameOperatorVersion
gigabyte:aorus_graphics_enginegigabyte aorus graphics enginelt1.57
gigabyte:app_centergigabyte app centerlt19.0422.1
gigabyte:oc_guru_iigigabyte oc guru iieq2.08
gigabyte:xtreme_gaming_enginegigabyte xtreme gaming enginelt1.26

CPE	Name	Operator	Version
gigabyte:aorus_graphics_engine	gigabyte aorus graphics engine	lt	1.57
gigabyte:app_center	gigabyte app center	lt	19.0422.1
gigabyte:oc_guru_ii	gigabyte oc guru ii	eq	2.08
gigabyte:xtreme_gaming_engine	gigabyte xtreme gaming engine	lt	1.26