CVE-2018-19321
CVE-2018-19321
In short
GIGABYTE's system drivers allow any local user to read and write computer memory directly, which can be exploited to gain administrator privileges on the machine.
Technical detail
The GPCIDrv and GDrv drivers in multiple GIGABYTE applications expose arbitrary physical memory read/write primitives accessible to local users; an unprivileged attacker can leverage this to bypass kernel protections and escalate privileges to SYSTEM level.
Summary generated and translated by AI from the official description.
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 2
githubgithub.com/nanabingies/Driver-RW★ 8githubgithub.com/nanabingies/CVE-2018-19321★ 2⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://seclists.org/fulldisclosure/2018/Dec/39https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19321https://www.gigabyte.com/Support/Security/1801https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilitieshttp://www.securityfocus.com/bid/106252