Cyber Resilience

CVE-2018-19321

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 21 December 2018

Modified: 07 November 2025
KEV Added: 24 October 2022
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.3788 (97.3rd percentile)
Risk Priority: 58 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2018-19321 is a high-severity vulnerability of unspecified weakness type in Gigabyte Aorus Graphics Engine. Its CVSS base score is 7.8 (High).

Operationally, it is ranked in the top 2.7% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-7 (Least Functionality).

Deeper analysis

The vulnerability affects low-level kernel drivers GPCIDrv and GDrv shipped with GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before version 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08. These drivers expose IOCTL interfaces that permit arbitrary physical memory read and write operations from user mode. The issue received a CVSS 3.1 base score of 7.8 and is tracked without a specific CWE.

A local attacker who can load or communicate with the affected drivers can directly manipulate physical memory contents. This capability is sufficient to overwrite kernel structures, inject code into privileged processes, or otherwise escalate from a standard user account to SYSTEM-level privileges on the host.

Vendor advisories published by GIGABYTE and independent analysis from SecureAuth Labs recommend updating to patched driver versions that remove or restrict the exposed memory-access functionality. The updates are referenced in GIGABYTE security bulletin 1801 and the corresponding Full Disclosure entry. No public evidence of in-the-wild exploitation has been noted in the available references.

Vulnerability details

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.

CWE(s)
KEV Date Added: 24 October 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor · Product · Affected version
gigabyte · aorus graphics engine · ≤ 1.57
gigabyte · app center · ≤ 19.0422.1
gigabyte · oc guru ii · 2.08
gigabyte · xtreme gaming engine · ≤ 1.26

Mitigating Controls (NIST 800-53 r5)

Prevent: Enforces that only authorized subjects may perform read/write operations on physical memory addresses exposed by the GPCIDrv/GDrv IOCTL interfaces.

Prevent: Requires removal or disabling of the non-essential arbitrary physical-memory access functionality present in the vulnerable GIGABYTE drivers.

Prevent: Directly protects system memory regions from unauthorized modification or disclosure attempted via the exposed driver interfaces.
