October 24, 2022 · Applied Cybernetics Group
CVE-2018-19322 — GIGABYTE Multiple Products
known ransomware use
GIGABYTE Multiple Products Code Execution Vulnerability
- Added to KEV
2022-10-24- Federal due date
2022-11-14- Vendor
- GIGABYTE
- Product
- Multiple Products
- EPSS
- 86.6th percentile (score 0.029, as of
2026-06-08) - NVD CVSS v3.1
- —
- Ransomware use
- Known
- Upstream
- https://nvd.nist.gov/vuln/detail/CVE-2018-19322
CISA short description
The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
Required action
Apply updates per vendor instructions.