Cyber Resilience

CVE-2018-19322

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 21 December 2018

Modified: 07 November 2025
KEV Added: 24 October 2022
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0288 (86.6th percentile)
Risk Priority: 37 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2018-19322 is a high-severity Exposed Dangerous Method or Function (CWE-749) vulnerability in Gigabyte Aorus Graphics Engine. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 13.4% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-41 (Port and I/O Device Access).

Deeper analysis

CVE-2018-19322 resides in the GPCIDrv and GDrv low-level drivers shipped with GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08. These drivers expose IO-port read and write operations to unprivileged callers, an instance of CWE-749. The CVSS 3.1 base score of 7.8 reflects a local attack vector, low complexity, and high impact on confidentiality, integrity, and availability.

A local attacker who can load or invoke the drivers can therefore issue arbitrary IO-port accesses. By chaining such accesses an adversary can manipulate hardware state or kernel memory mappings, ultimately executing code at elevated privileges on the host system.

Gigabyte’s security advisory 1801 and the coordinated disclosure at seclists.org direct users to install the corrected driver and utility packages available from the vendor’s support pages for each affected product line; the patches remove or restrict the exposed IO-port interfaces.

Vulnerability details

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.

CWE(s): CWE-749 (Exposed Dangerous Method or Function)
KEV Date Added: 24 October 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor    Product                Version
gigabyte  aorus graphics engine  ≤ 1.57
gigabyte  app center             ≤ 1.05.21
gigabyte  oc guru ii             2.08
gigabyte  xtreme gaming engine   ≤ 1.26

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly restricts unauthorized access to IO ports and I/O devices, blocking the exposed GPCIDrv/GDrv interfaces from unprivileged callers.

prevent: Enforces access-control policy on the driver entry points so that only authorized subjects may invoke IO-port read/write operations.

prevent: Limits the privileges granted to user-mode callers of the low-level drivers, preventing the elevation path described in the CVE.
