Cyber Resilience

CVE-2018-19320

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 21 December 2018

Modified: 07 November 2025
KEV Added: 24 October 2022
Patch
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.3441 (97.1th percentile)
Risk Priority: 56 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2018-19320 is a high-severity vulnerability (weakness class unspecified) in Gigabyte Aorus Graphics Engine. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 2.9% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-16 (Memory Protection).

Deeper analysis

The vulnerability affects the GDrv low-level driver shipped with GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before version 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08. It exposes ring-0 memcpy-like functionality that can be invoked directly from user mode, granting arbitrary kernel-memory read and write primitives on the affected Windows systems.

A local attacker with low privileges can load or communicate with the driver to abuse these primitives, achieving arbitrary code execution at ring 0 and thereby obtaining complete control of the system, including the ability to disable security controls, read or modify any process, and persist across reboots. The issue carries a CVSS 3.1 base score of 7.8 and requires no user interaction beyond the ability to execute code in the context of an authenticated local user.

Gigabyte published security advisory 1801 along with updated driver packages on its support site; the SecureAuth Labs advisory and the full-disclosure posting on Seclists provide additional technical detail and proof-of-concept references for verifying remediation status.

Vulnerability details

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.

CWE(s)
KEV Date Added: 24 October 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

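Vendor: gigabyte; Product: aorus graphics engine; Version: ≤ 1.57
Vendor: gigabyte; Product: app center; Version: ≤ 19.0422.1
Vendor: gigabyte; Product: oc guru ii; Version: 2.08
Vendor: gigabyte; Product: xtreme gaming engine; Version: ≤ 1.26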

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly prevents the GDrv driver from exposing ring-0 memcpy primitives to unprivileged user-mode callers by enforcing least-privilege access to kernel memory.

Prevent: Enforces hardware and software memory-protection boundaries that block the arbitrary kernel read/write primitives the vulnerable driver exposes.

Prevent: Restricts installation or loading of drivers that provide unnecessary low-level kernel functionality such as the exposed ring-0 memcpy interface.
