CVE-2018-19320
CVE-2018-19320
In short
A flaw in GIGABYTE's system drivers allows a local attacker to copy data directly into protected memory areas, gaining full control of the computer. This happens because the driver doesn't properly validate what data is being written.
Technical detail
The GDrv driver in GIGABYTE APP Center, AORUS GRAPHICS ENGINE, XTREME GAMING ENGINE, and OC GURU II exposes an unvalidated ring0 memcpy interface accessible to local users. An attacker with local access can exploit this to write arbitrary data to kernel memory, achieving privilege escalation and complete system compromise.
Summary generated and translated by AI from the official description.
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 3
githubgithub.com/zer0condition/GDRVLoader★ 359githubgithub.com/ASkyeye/CVE-2018-19320★ 19githubgithub.com/hmnthabit/CVE-2018-19320-LPE★ 11⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://seclists.org/fulldisclosure/2018/Dec/39https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19320https://www.gigabyte.com/Support/Security/1801https://www.gigabyte.com/tw/Support/Utility/Graphics-Cardhttps://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilitieshttp://www.securityfocus.com/bid/106252