Privilege escalation in GIGABYTE drivers



Published: 2018-12-19 | Updated: 2023-12-27
Risk: Medium
Patch available: NO
Number of vulnerabilities: 4
CVE-ID: CVE-2018-19320, CVE-2018-19322, CVE-2018-19323, CVE-2018-19321
CWE-ID: CWE-782
Exploitation vector: Local
Public exploit:
Vulnerability #1 is being exploited in the wild.
Vulnerability #2 is being exploited in the wild.
Vulnerability #3 is being exploited in the wild.
Vulnerability #4 is being exploited in the wild.
Vulnerable software:
GIGABYTE APP Center (Hardware solutions / Drivers)
AORUS GRAPHICS ENGINE (Hardware solutions / Drivers)
XTREME GAMING ENGINE (Hardware solutions / Drivers)
OC GURU (Hardware solutions / Drivers)

Vendor: GIGABYTE Global

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Privilege escalation

EUVDB-ID: #VU16621

Risk: Low

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C]

CVE-ID: CVE-2018-19320

CWE-ID: CWE-782 - Exposed IOCTL with Insufficient Access Control

Exploit availability: Yes

Description

The vulnerability allows a local unauthenticated attacker to gain elevated privileges on the target device.

The weakness exists because IOCTL 0xC3502808 of the GIO driver exposes ring-0 memcpy-like functionality. A local attacker can gain elevated privileges.

Mitigation

Cybersecurity Help is currently unaware of any official solution addressing the vulnerability.

Vulnerable software versions

GIGABYTE APP Center: 1.05.21

AORUS GRAPHICS ENGINE: 1.0 - 1.33

XTREME GAMING ENGINE: 1.22 - 1.25

OC GURU: 2.08

External links

http://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

2) Privilege escalation

EUVDB-ID: #VU16622

Risk: Medium

CVSSv3.1: 9.3 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:U/RC:C]

CVE-ID: CVE-2018-19322

CWE-ID: CWE-782 - Exposed IOCTL with Insufficient Access Control

Exploit availability: No

Description

The vulnerability allows a local unauthenticated attacker to gain elevated privileges on the target device.

The weakness exists because both GPCI and GIO expose functionality to read and write data from and to I/O ports. A local attacker can execute arbitrary code with elevated privileges.

Mitigation

Cybersecurity Help is currently unaware of any official solution addressing the vulnerability.

Vulnerable software versions

GIGABYTE APP Center: 1.05.21

AORUS GRAPHICS ENGINE: 1.0 - 1.33

XTREME GAMING ENGINE: 1.22 - 1.25

OC GURU: 2.08

External links

http://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

3) Privilege escalation

EUVDB-ID: #VU16623

Risk: Medium

CVSSv3.1: 9.3 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:U/RC:C]

CVE-ID: CVE-2018-19323

CWE-ID: CWE-782 - Exposed IOCTL with Insufficient Access Control

Exploit availability: No

Description

The vulnerability allows a local unauthenticated attacker to gain elevated privileges on the target device.

The weakness exists because GIO exposes functionality to read and write Machine Specific Registers (MSRs). A local attacker can execute arbitrary ring-0 code with elevated privileges.

Mitigation

Cybersecurity Help is currently unaware of any official solution addressing the vulnerability.

Vulnerable software versions

GIGABYTE APP Center: 1.05.21

AORUS GRAPHICS ENGINE: 1.0 - 1.33

XTREME GAMING ENGINE: 1.22 - 1.25

OC GURU: 2.08

External links

http://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

4) Privilege escalation

EUVDB-ID: #VU16624

Risk: Low

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C]

CVE-ID: CVE-2018-19321

CWE-ID: CWE-782 - Exposed IOCTL with Insufficient Access Control

Exploit availability: No

Description

The vulnerability allows a local unauthenticated attacker to gain elevated privileges on the target device.

The weakness exists because both GPCI and GIO expose functionality to read and write arbitrary physical memory. A local attacker can gain elevated privileges.

Mitigation

Cybersecurity Help is currently unaware of any official solution addressing the vulnerability.

Vulnerable software versions

GIGABYTE APP Center: 1.05.21

AORUS GRAPHICS ENGINE: 1.0 - 1.33

XTREME GAMING ENGINE: 1.22 - 1.25

OC GURU: 2.08

External links

http://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.


