CVE-2018-19323

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).

CVSS v3 9.8 CRITICAL
CVSS v2.0 9.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:C

Exploitability : 10.0 / Impact : 8.5

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact COMPLETE

References

Link	Resource
http://seclists.org/fulldisclosure/2018/Dec/39	Exploit Mailing List Third Party Advisory
http://www.securityfocus.com/bid/106252	Broken Link Third Party Advisory VDB Entry
https://www.gigabyte.com/Support/Security/1801	Vendor Advisory
https://www.gigabyte.com/tw/Support/Utility/Graphics-Card	Product
https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gigabyte:aorus_graphics_engine::::::::
	cpe:2.3:a:gigabyte:gigabyte_app_center::::::::
	cpe:2.3:a:gigabyte:oc_guru_ii:2.08:::::::*
	cpe:2.3:a:gigabyte:xtreme_gaming_engine::::::::

History

28 Jun 2024, 13:56

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/106252 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/106252 - Broken Link, Third Party Advisory, VDB Entry
References	~~() https://www.gigabyte.com/Support/Security/1801 -~~	() https://www.gigabyte.com/Support/Security/1801 - Vendor Advisory
References	~~() https://www.gigabyte.com/tw/Support/Utility/Graphics-Card -~~	() https://www.gigabyte.com/tw/Support/Utility/Graphics-Card - Product

Information

Published : 2018-12-21 23:29

Updated : 2024-06-28 13:56

NVD link : CVE-2018-19323

Mitre link : CVE-2018-19323

CVE.ORG link : CVE-2018-19323

JSON object : View

Products Affected

gigabyte

gigabyte_app_center
aorus_graphics_engine
xtreme_gaming_engine
oc_guru_ii

CWE

NVD-CWE-noinfo

{"id": "CVE-2018-19323", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 8.5, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-12-21T23:29:00.730", "references": [{"url": "http://seclists.org/fulldisclosure/2018/Dec/39", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/106252", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.gigabyte.com/Support/Security/1801", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.gigabyte.com/tw/Support/Utility/Graphics-Card", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs)."}, {"lang": "es", "value": "El controlador de bajo nivel GDrv en GIGABYTE APP Center, en versiones v1.05.21 y anteriores, AORUS GRAPHICS ENGINE en versiones anteriores a la 1.57, XTREME GAMING ENGINE en versiones anteriores a la 1.26 y OC GURU II v2.08, expone una funcionalidad para leer y escribir MSR (Machine Specific Registers)."}], "lastModified": "2024-06-28T13:56:35.130", "cisaActionDue": "2022-11-14", "cisaExploitAdd": "2022-10-24", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gigabyte:aorus_graphics_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01B70791-C11D-43F6-A6A9-C685A28AB151", "versionEndExcluding": "1.57"}, {"criteria": "cpe:2.3:a:gigabyte:gigabyte_app_center:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6258771-CD9C-4C9E-98FA-DFC63EED2E5F", "versionEndIncluding": "1.05.21"}, {"criteria": "cpe:2.3:a:gigabyte:oc_guru_ii:2.08:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F437C1D5-60C5-417B-9685-EC93A7E5D58F"}, {"criteria": "cpe:2.3:a:gigabyte:xtreme_gaming_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8222B91D-A7CD-44FD-B2C9-BA6A72E7194A", "versionEndExcluding": "1.26"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "GIGABYTE Multiple Products Privilege Escalation Vulnerability"}