Описание
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-19320
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19320
- https://www.gigabyte.com/Support/Security/1801
- https://www.gigabyte.com/tw/Support/Utility/Graphics-Card
- https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
- http://seclists.org/fulldisclosure/2018/Dec/39
- http://www.securityfocus.com/bid/106252
Связанные уязвимости
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.
Уязвимость драйвера GDrv программа для настройки видеокарт производства Gigabyte Aorus Engine, программы управления приложениями GIGABYTE App Center, программы мониторинга состояния видеокарт Extreme Gaming Engine, позволяющая нарушителю выполнить произвольный код