CVE-2018-19320
Published: 21 December 2018
Summary
CVE-2018-19320 is a high-severity vulnerability in Gigabyte Aorus Graphics Engine; its weakness type is unspecified. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 2.9% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-16 (Memory Protection).
Deeper analysis
The vulnerability affects the GDrv low-level driver shipped with GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before version 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08. It exposes ring-0 memcpy-like functionality that can be invoked directly from user mode, granting arbitrary kernel-memory read and write primitives on the affected Windows systems.
A local attacker with low privileges can load or communicate with the driver to abuse these primitives, achieving arbitrary code execution at ring 0 and thereby obtaining complete control of the system, including the ability to disable security controls, read or modify any process, and persist across reboots. The issue carries a CVSS 3.1 base score of 7.8 and requires no user interaction beyond the ability to execute code in the context of an authenticated local user.
Gigabyte published security advisory 1801 along with updated driver packages on its support site; the SecureAuth Labs advisory and the full-disclosure posting on Seclists provide additional technical detail and proof-of-concept references for verifying remediation status.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-11018
Vulnerability details
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.
- CWE(s)
- KEV Date Added: 24 October 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly prevents the GDrv driver from exposing ring-0 memcpy primitives to unprivileged user-mode callers by enforcing least-privilege access to kernel memory.
Enforces hardware and software memory-protection boundaries that block the arbitrary kernel read/write primitives the vulnerable driver exposes.
Restricts installation or loading of drivers that provide unnecessary low-level kernel functionality such as the exposed ring-0 memcpy interface.