Overview
- Description
- The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 9
- Impact score
- 8.5
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:C
Known exploits
Data from CISA
- Vulnerability name
- GIGABYTE Multiple Products Privilege Escalation Vulnerability
- Exploit added on
- Oct 24, 2022
- Exploit action due
- Nov 14, 2022
- Required action
- Apply updates per vendor instructions.
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gigabyte:aorus_graphics_engine:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "01B70791-C11D-43F6-A6A9-C685A28AB151",
"versionEndExcluding": "1.57"
},
{
"criteria": "cpe:2.3:a:gigabyte:gigabyte_app_center:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D6258771-CD9C-4C9E-98FA-DFC63EED2E5F",
"versionEndIncluding": "1.05.21"
},
{
"criteria": "cpe:2.3:a:gigabyte:oc_guru_ii:2.08:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F437C1D5-60C5-417B-9685-EC93A7E5D58F"
},
{
"criteria": "cpe:2.3:a:gigabyte:xtreme_gaming_engine:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8222B91D-A7CD-44FD-B2C9-BA6A72E7194A",
"versionEndExcluding": "1.26"
}
],
"operator": "OR"
}
]
}
]