{"api_version":"1","generated_at":"2026-04-23T07:55:42+00:00","cve":"CVE-2018-19321","urls":{"html":"https://cve.report/CVE-2018-19321","api":"https://cve.report/api/cve/CVE-2018-19321.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-19321","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-19321"},"summary":{"title":"CVE-2018-19321","description":"The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2018-12-21 23:29:00","updated_at":"2020-05-19 13:15:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/106252","name":"106252","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Multiple GIGABYTE Products Multiple Arbitrary Code Execution Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities","name":"https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"GIGABYTE Drivers Elevation of Privilege Vulnerabilities | SecureAuth","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.gigabyte.com/Support/Security/1801","name":"https://www.gigabyte.com/Support/Security/1801","refsource":"CONFIRM","tags":[],"title":"Software update for Potential security vulnerabilities in GIGABYTE software | Security & Technical Advisory - GIGABYTE Global","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2018/Dec/39","name":"20181221 [CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities","refsource":"FULLDISC","tags":["Exploit","Mailing List","Third Party Advisory"],"title":"Full Disclosure: [CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-19321","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19321","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"19321","vulnerable":"1","versionEndIncluding":"1.33","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gigabyte","cpe5":"aorus_graphics_engine","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19321","vulnerable":"1","versionEndIncluding":"1.05.21","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gigabyte","cpe5":"app_center","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19321","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gigabyte","cpe5":"oc_guru_ii","cpe6":"2.08","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19321","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gigabyte","cpe5":"oc_guru_ii","cpe6":"2.08","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19321","vulnerable":"1","versionEndIncluding":"1.25","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gigabyte","cpe5":"xtreme_gaming_engine","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2018","cve_id":"19321","cve":"CVE-2018-19321","vendorProject":"GIGABYTE","product":"Multiple Products","vulnerabilityName":"GIGABYTE Multiple Products Privilege Escalation Vulnerability","dateAdded":"2022-10-24","shortDescription":"The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2022-11-14","knownRansomwareCampaignUse":"Known","notes":"https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19321","cwes":"","catalogVersion":"2026.04.22","updated_at":"2026-04-22 20:03:10"},"epss":{"cve_year":"2018","cve_id":"19321","cve":"CVE-2018-19321","epss":"0.378840000","percentile":"0.972270000","score_date":"2026-04-22","updated_at":"2026-04-23 00:03:16"},"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2018-19321","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20181221 [CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2018/Dec/39"},{"name":"https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities","refsource":"MISC","url":"https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities"},{"name":"106252","refsource":"BID","url":"http://www.securityfocus.com/bid/106252"},{"refsource":"CONFIRM","name":"https://www.gigabyte.com/Support/Security/1801","url":"https://www.gigabyte.com/Support/Security/1801"}]}},"nvd":{"publishedDate":"2018-12-21 23:29:00","lastModifiedDate":"2020-05-19 13:15:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gigabyte:oc_guru_ii:2.08:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gigabyte:aorus_graphics_engine:*:*:*:*:*:*:*:*","versionEndIncluding":"1.33","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gigabyte:xtreme_gaming_engine:*:*:*:*:*:*:*:*","versionEndIncluding":"1.25","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gigabyte:app_center:*:*:*:*:*:*:*:*","versionEndIncluding":"1.05.21","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"19321","Ordinal":"136400","Title":"CVE-2018-19321","CVE":"CVE-2018-19321","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"19321","Ordinal":"1","NoteData":"The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"19321","Ordinal":"2","NoteData":"2018-12-21","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"19321","Ordinal":"3","NoteData":"2020-05-19","Type":"Other","Title":"Modified"}]}}}