CVE-2018-19323
Summary
| CVE | CVE-2018-19323 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-12-21 23:29:00 UTC |
| Updated | 2020-05-19 13:15:00 UTC |
| Description | The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs). |
Risk And Classification
EPSS: 0.147160000 probability, percentile 0.944620000 (date 2026-04-02)
CISA KEV: Listed on 2022-10-24; due 2022-11-14; ransomware use Known
Problem Types: NVD-CWE-noinfo
CISA Known Exploited Vulnerability
| Vendor | GIGABYTE |
|---|---|
| Product | Multiple Products |
| Name | GIGABYTE Multiple Products Privilege Escalation Vulnerability |
| Required Action | Apply updates per vendor instructions. |
| Notes | https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19323 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Gigabyte | Aorus Graphics Engine | All | All | All | All |
| Application | Gigabyte | Gigabyte App Center | All | All | All | All |
| Application | Gigabyte | Oc Guru Ii | 2.08 | All | All | All |
| Application | Gigabyte | Oc Guru Ii | 2.08 | All | All | All |
| Application | Gigabyte | Xtreme Gaming Engine | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 工具程式 | 服務 / 支援 - GIGABYTE 技嘉科技 | CONFIRM | www.gigabyte.com | |
| Multiple GIGABYTE Products Multiple Arbitrary Code Execution Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| GIGABYTE Drivers Elevation of Privilege Vulnerabilities | SecureAuth | MISC | www.secureauth.com | Exploit, Third Party Advisory |
| Software update for Potential security vulnerabilities in GIGABYTE software | Security & Technical Advisory - GIGABYTE Global | CONFIRM | www.gigabyte.com | |
| Full Disclosure: [CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities | FULLDISC | seclists.org | Exploit, Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.