{"api_version":"1","generated_at":"2026-04-23T08:03:51+00:00","cve":"CVE-2018-19323","urls":{"html":"https://cve.report/CVE-2018-19323","api":"https://cve.report/api/cve/CVE-2018-19323.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-19323","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-19323"},"summary":{"title":"CVE-2018-19323","description":"The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2018-12-21 23:29:00","updated_at":"2020-05-19 13:15:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.gigabyte.com/tw/Support/Utility/Graphics-Card","name":"https://www.gigabyte.com/tw/Support/Utility/Graphics-Card","refsource":"CONFIRM","tags":[],"title":"工具程式 | 服務 / 支援 - GIGABYTE 技嘉科技","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/106252","name":"106252","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Multiple GIGABYTE Products Multiple Arbitrary Code Execution Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities","name":"https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"GIGABYTE Drivers Elevation of Privilege Vulnerabilities | SecureAuth","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.gigabyte.com/Support/Security/1801","name":"https://www.gigabyte.com/Support/Security/1801","refsource":"CONFIRM","tags":[],"title":"Software update for Potential security vulnerabilities in GIGABYTE software | Security & Technical Advisory - GIGABYTE Global","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2018/Dec/39","name":"20181221 [CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities","refsource":"FULLDISC","tags":["Exploit","Mailing List","Third Party Advisory"],"title":"Full Disclosure: [CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-19323","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19323","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"19323","vulnerable":"1","versionEndIncluding":"1.33","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gigabyte","cpe5":"aorus_graphics_engine","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19323","vulnerable":"1","versionEndIncluding":"1.05.21","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gigabyte","cpe5":"gigabyte_app_center","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19323","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gigabyte","cpe5":"oc_guru_ii","cpe6":"2.08","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19323","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gigabyte","cpe5":"oc_guru_ii","cpe6":"2.08","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19323","vulnerable":"1","versionEndIncluding":"1.25","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gigabyte","cpe5":"xtreme_gaming_engine","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2018","cve_id":"19323","cve":"CVE-2018-19323","vendorProject":"GIGABYTE","product":"Multiple Products","vulnerabilityName":"GIGABYTE Multiple Products Privilege Escalation Vulnerability","dateAdded":"2022-10-24","shortDescription":"The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2022-11-14","knownRansomwareCampaignUse":"Known","notes":"https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19323","cwes":"","catalogVersion":"2026.04.22","updated_at":"2026-04-22 20:03:10"},"epss":{"cve_year":"2018","cve_id":"19323","cve":"CVE-2018-19323","epss":"0.147160000","percentile":"0.945180000","score_date":"2026-04-22","updated_at":"2026-04-23 00:03:16"},"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2018-19323","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs)."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20181221 [CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2018/Dec/39"},{"name":"https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities","refsource":"MISC","url":"https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities"},{"name":"106252","refsource":"BID","url":"http://www.securityfocus.com/bid/106252"},{"refsource":"CONFIRM","name":"https://www.gigabyte.com/tw/Support/Utility/Graphics-Card","url":"https://www.gigabyte.com/tw/Support/Utility/Graphics-Card"},{"refsource":"CONFIRM","name":"https://www.gigabyte.com/Support/Security/1801","url":"https://www.gigabyte.com/Support/Security/1801"}]}},"nvd":{"publishedDate":"2018-12-21 23:29:00","lastModifiedDate":"2020-05-19 13:15:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"COMPLETE","baseScore":9},"severity":"HIGH","exploitabilityScore":10,"impactScore":8.5,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gigabyte:oc_guru_ii:2.08:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gigabyte:aorus_graphics_engine:*:*:*:*:*:*:*:*","versionEndIncluding":"1.33","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gigabyte:gigabyte_app_center:*:*:*:*:*:*:*:*","versionEndIncluding":"1.05.21","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gigabyte:xtreme_gaming_engine:*:*:*:*:*:*:*:*","versionEndIncluding":"1.25","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"19323","Ordinal":"136402","Title":"CVE-2018-19323","CVE":"CVE-2018-19323","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"19323","Ordinal":"1","NoteData":"The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).","Type":"Description","Title":null},{"CveYear":"2018","CveId":"19323","Ordinal":"2","NoteData":"2018-12-21","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"19323","Ordinal":"3","NoteData":"2020-05-19","Type":"Other","Title":"Modified"}]}}}