CVE-2018-19320

Name of the Vulnerable Software and Affected Versions GIGABYTE APP Center versions 1.05.21 and earlier AORUS GRAPHICS ENGINE versions prior to 1.57 XTREME GAMING ENGINE versions prior to 1.26 OC GURU II version 2.08 and earlier GIGABYTE Multiple Products (affected versions not specified)

Description The issue is related to insufficient access control in the GDrv driver, which is part of various GIGABYTE programs, including Aorus Engine, GIGABYTE App Center, and Extreme Gaming Engine. This could allow an attacker to execute arbitrary code, potentially taking complete control of the affected system. The vulnerability is associated with the low-level driver in these applications, exposing ring0 memcpy-like functionality.

Recommendations For GIGABYTE APP Center versions 1.05.21 and earlier, update to a version later than 1.05.21. For AORUS GRAPHICS ENGINE versions prior to 1.57, update to version 1.57 or later. For XTREME GAMING ENGINE versions prior to 1.26, update to version 1.26 or later. For OC GURU II version 2.08 and earlier, update to a version later than 2.08. As a temporary workaround, consider restricting access to the GDrv driver until a patch is available.