CVE-2018-19321
Published: 21 December 2018
Summary
CVE-2018-19321 is a high-severity vulnerability of an unspecified weakness type in Gigabyte Aorus Graphics Engine. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 2.7% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-7 (Least Functionality).
Deeper analysis
The vulnerability affects low-level kernel drivers GPCIDrv and GDrv shipped with GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before version 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08. These drivers expose IOCTL interfaces that permit arbitrary physical memory read and write operations from user mode. The issue received a CVSS 3.1 base score of 7.8 and is tracked without a specific CWE.
A local attacker who can load or communicate with the affected drivers can directly manipulate physical memory contents. This capability is sufficient to overwrite kernel structures, inject code into privileged processes, or otherwise escalate from a standard user account to SYSTEM-level privileges on the host.
Vendor advisories published by GIGABYTE and independent analysis from SecureAuth Labs recommend updating to patched driver versions that remove or restrict the exposed memory-access functionality. The updates are referenced in GIGABYTE security bulletin 1801 and the corresponding Full Disclosure entry. No public evidence of in-the-wild exploitation has been noted in the available references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-11019
Vulnerability details
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
- CWE(s)
- KEV Date Added: 24 October 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Enforces that only authorized subjects may perform read/write operations on physical memory addresses exposed by the GPCIDrv/GDrv IOCTL interfaces.
Requires removal or disabling of the non-essential arbitrary physical-memory access functionality present in the vulnerable GIGABYTE drivers.
Directly protects system memory regions from unauthorized modification or disclosure attempted via the exposed driver interfaces.