CVE-2018-19323 - Vulnerability Details - OpenCVE

ReportizFlow

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Complete

AV:N/AC:L/Au:N/C:P/I:P/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gigabyte	Aorus Graphics Engine Gigabyte App Center Oc Guru Ii Xtreme Gaming Engine

Configuration 1 [-]

OR	cpe:2.3:a:gigabyte:aorus_graphics_engine::::::::
	cpe:2.3:a:gigabyte:gigabyte_app_center::::::::
	cpe:2.3:a:gigabyte:oc_guru_ii:2.08:::::::*
	cpe:2.3:a:gigabyte:xtreme_gaming_engine::::::::

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2018/Dec/39
http://www.securityfocus.com/bid/106252
https://www.gigabyte.com/Support/Security/1801
https://www.gigabyte.com/tw/Support/Utility/Graphics-Card
https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-12-21T23:00:00

Updated: 2024-08-05T11:30:04.376Z

Reserved: 2018-11-16T00:00:00

Link: CVE-2018-19323

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-12-21T23:29:00.730

Modified: 2024-11-21T03:57:43.510

Link: CVE-2018-19323

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-12-18T00:00:00", "descriptions": [{"lang": "en", "value": "The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-05-19T12:41:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20181221 [CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2018/Dec/39"}, {"tags": ["x_refsource_MISC"], "url": "https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities"}, {"name": "106252", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106252"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.gigabyte.com/tw/Support/Utility/Graphics-Card"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.gigabyte.com/Support/Security/1801"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2018-19323", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20181221 [CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2018/Dec/39"}, {"name": "https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities", "refsource": "MISC", "url": "https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities"}, {"name": "106252", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106252"}, {"name": "https://www.gigabyte.com/tw/Support/Utility/Graphics-Card", "refsource": "CONFIRM", "url": "https://www.gigabyte.com/tw/Support/Utility/Graphics-Card"}, {"name": "https://www.gigabyte.com/Support/Security/1801", "refsource": "CONFIRM", "url": "https://www.gigabyte.com/Support/Security/1801"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:30:04.376Z"}, "title": "CVE Program Container", "references": [{"name": "20181221 [CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2018/Dec/39"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities"}, {"name": "106252", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106252"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.gigabyte.com/tw/Support/Utility/Graphics-Card"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.gigabyte.com/Support/Security/1801"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19323", "datePublished": "2018-12-21T23:00:00", "dateReserved": "2018-11-16T00:00:00", "dateUpdated": "2024-08-05T11:30:04.376Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"cisaActionDue": "2022-11-14", "cisaExploitAdd": "2022-10-24", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "GIGABYTE Multiple Products Privilege Escalation Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gigabyte:aorus_graphics_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "01B70791-C11D-43F6-A6A9-C685A28AB151", "versionEndExcluding": "1.57", "vulnerable": true}, {"criteria": "cpe:2.3:a:gigabyte:gigabyte_app_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6258771-CD9C-4C9E-98FA-DFC63EED2E5F", "versionEndIncluding": "1.05.21", "vulnerable": true}, {"criteria": "cpe:2.3:a:gigabyte:oc_guru_ii:2.08:*:*:*:*:*:*:*", "matchCriteriaId": "F437C1D5-60C5-417B-9685-EC93A7E5D58F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gigabyte:xtreme_gaming_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "8222B91D-A7CD-44FD-B2C9-BA6A72E7194A", "versionEndExcluding": "1.26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs)."}, {"lang": "es", "value": "El controlador de bajo nivel GDrv en GIGABYTE APP Center, en versiones v1.05.21 y anteriores, AORUS GRAPHICS ENGINE en versiones anteriores a la 1.57, XTREME GAMING ENGINE en versiones anteriores a la 1.26 y OC GURU II v2.08, expone una funcionalidad para leer y escribir MSR (Machine Specific Registers)."}], "id": "CVE-2018-19323", "lastModified": "2024-11-21T03:57:43.510", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2018-12-21T23:29:00.730", "references": [{"source": "[email protected]", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2018/Dec/39"}, {"source": "[email protected]", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106252"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.gigabyte.com/Support/Security/1801"}, {"source": "[email protected]", "tags": ["Product"], "url": "https://www.gigabyte.com/tw/Support/Utility/Graphics-Card"}, {"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2018/Dec/39"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106252"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.gigabyte.com/Support/Security/1801"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.gigabyte.com/tw/Support/Utility/Graphics-Card"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "[email protected]", "type": "Primary"}]}