The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HGigabyte Aorus Graphics Engine
APPGigabyte< 1.57Gigabyte App Center
APPGigabyte< 19.0422.1Gigabyte Oc Guru Ii
APPGigabyte2.08Gigabyte Xtreme Gaming Engine
APPGigabyte< 1.26
CISA KEV — detailsi
- Vendori
- GIGABYTE
- Producti
- Multiple Products
- Added to KEVi
- October 24, 2022
- Remediation deadline (US Federal)i
- November 14, 2022(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply updates per vendor instructions.
The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
Related vulnerabilities
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTRE...
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTRE...
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE befo...
An issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0227.1. The vulnerable driver exposes a w...
Gigabyte Control Center — zapis dowolnych plików prowadzący do RCE lub privilege escalation