Overview
- Description
- The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Known exploits
Data from CISA
- Vulnerability name
- GIGABYTE Multiple Products Privilege Escalation Vulnerability
- Exploit added on
- Oct 24, 2022
- Exploit action due
- Nov 14, 2022
- Required action
- Apply updates per vendor instructions.
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gigabyte:aorus_graphics_engine:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "01B70791-C11D-43F6-A6A9-C685A28AB151",
"versionEndExcluding": "1.57"
},
{
"criteria": "cpe:2.3:a:gigabyte:app_center:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "95BFAF57-A54C-4BA9-A775-066995CAD473",
"versionEndExcluding": "19.0422.1"
},
{
"criteria": "cpe:2.3:a:gigabyte:oc_guru_ii:2.08:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F437C1D5-60C5-417B-9685-EC93A7E5D58F"
},
{
"criteria": "cpe:2.3:a:gigabyte:xtreme_gaming_engine:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8222B91D-A7CD-44FD-B2C9-BA6A72E7194A",
"versionEndExcluding": "1.26"
}
],
"operator": "OR"
}
]
}
]