PT-2018-3844 · Gigabyte · Xtreme Gaming Engine+3

Published

2018-12-21

Updated

2025-03-14

CVE-2018-19323

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GIGABYTE APP Center versions 1.05.21 and earlier AORUS GRAPHICS ENGINE versions before 1.57 XTREME GAMING ENGINE versions before 1.26 OC GURU II version 2.08

Description The issue is related to the GDrv low-level driver, which exposes functionality to read and write Machine Specific Registers (MSRs). This is due to insufficient access control, allowing an attacker to potentially execute arbitrary code.

Recommendations For GIGABYTE APP Center versions 1.05.21 and earlier, update to a version later than 1.05.21. For AORUS GRAPHICS ENGINE versions before 1.57, update to version 1.57 or later. For XTREME GAMING ENGINE versions before 1.26, update to version 1.26 or later. For OC GURU II version 2.08, update to a version later than 2.08.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2022-06641

CVE-2018-19323

Affected Products

Aorus Graphics Engine

Gigabyte App Center

Oc Guru Ii

Xtreme Gaming Engine

PT-2018-3844 · Gigabyte · Xtreme Gaming Engine+3

CVE-2018-19323

Weakness Enumeration

Related Identifiers

Affected Products

References · 14