CVE-2018-19322

Name of the Vulnerable Software and Affected Versions GIGABYTE APP Center versions 1.05.21 and earlier AORUS GRAPHICS ENGINE versions prior to 1.57 XTREME GAMING ENGINE versions prior to 1.26 OC GURU II version 2.08 and earlier

Description The issue is related to errors in the implementation of methods and functions in the GPCIDrv and GDrv drivers used by various Gigabyte programs, including the Aorus Engine, GIGABYTE App Center, and Extreme Gaming Engine. This could allow an attacker to execute arbitrary code, potentially leading to elevated privileges. The vulnerability exposes functionality to read/write data from/to IO ports, which could be leveraged to run code with elevated privileges.

Recommendations For GIGABYTE APP Center versions 1.05.21 and earlier, update to a version later than 1.05.21. For AORUS GRAPHICS ENGINE versions prior to 1.57, update to version 1.57 or later. For XTREME GAMING ENGINE versions prior to 1.26, update to version 1.26 or later. For OC GURU II version 2.08 and earlier, update to a version later than 2.08.