CVE-2018-19322
Published: 21 December 2018
Summary
CVE-2018-19322 is a high-severity Exposed Dangerous Method or Function (CWE-749) vulnerability in Gigabyte Aorus Graphics Engine. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 13.4% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-41 (Port and I/O Device Access).
Deeper analysis
The vulnerability CVE-2018-19322 resides in the GPCIDrv and GDrv low-level drivers shipped with GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08. These drivers expose IO-port read and write operations to unprivileged callers, an instance of CWE-749 that receives a CVSS 3.1 base score of 7.8 reflecting local attack vector, low complexity, and high impact on confidentiality, integrity, and availability.
A local attacker who can load or invoke the drivers can therefore issue arbitrary IO-port accesses. By chaining such accesses, an adversary can manipulate hardware state or kernel memory mappings, ultimately executing code at elevated privileges on the host system.
Gigabyte’s security advisory 1801 and the coordinated disclosure at seclists.org direct users to install the corrected driver and utility packages available from the vendor’s support pages for each affected product line; the patches remove or restrict the exposed IO-port interfaces.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-11020
Vulnerability details
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
- CWE(s): CWE-749
- KEV Date Added: 24 October 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly restricts unauthorized access to IO ports and I/O devices, blocking the exposed GPCIDrv/GDrv interfaces from unprivileged callers.
Enforces access-control policy on the driver entry points so that only authorized subjects may invoke IO-port read/write operations.
Limits the privileges granted to user-mode callers of the low-level drivers, preventing the elevation path described in the CVE.