CVE-2018-19323

9.8 CRITICAL

📋 TL;DR

This vulnerability in GIGABYTE driver software allows attackers to read and write Machine Specific Registers (MSRs), which are low-level CPU control registers. This enables privilege escalation from user mode to kernel mode, potentially giving attackers full system control. Users of affected GIGABYTE software on Windows systems are vulnerable.

💻 Affected Systems

Products:
  • GIGABYTE APP Center
  • AORUS GRAPHICS ENGINE
  • XTREME GAMING ENGINE
  • OC GURU II
Versions: APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, OC GURU II v2.08 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable GDrv driver is installed by default with these applications. Systems without these GIGABYTE utilities are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with kernel-level access, allowing installation of persistent malware, credential theft, and bypassing all security controls.

🟠 Likely Case: Local privilege escalation enabling attackers to gain SYSTEM/administrator privileges from a standard user account.

🟢 If Mitigated: Limited impact if systems have strict user privilege separation and application whitelisting preventing unauthorized driver loading.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to exploit.
🏢 Internal Only: HIGH - Malicious insiders or compromised user accounts could exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access but is straightforward once code execution is achieved. The vulnerability is well-documented with public proof-of-concept code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: APP Center v1.06.21, AORUS GRAPHICS ENGINE 1.57+, XTREME GAMING ENGINE 1.26+, OC GURU II v2.09+

Vendor Advisory: https://www.gigabyte.com/Support/Security/1801

Restart Required: Yes

Instructions:

1. Uninstall affected GIGABYTE software.
2. Download the latest versions from the official GIGABYTE website.
3. Install the updated versions.
4. Restart the system to ensure the old driver is unloaded.

🔧 Temporary Workarounds

Remove vulnerable driver (Windows)

Uninstall the affected GIGABYTE applications to remove the vulnerable GDrv.sys driver. The driver file can only be deleted once it is no longer loaded, so if the service was running, restart before the del step (see Restart Required above).

Control Panel > Programs and Features > Uninstall affected GIGABYTE software
sc delete GDrv
del C:\Windows\System32\drivers\GDrv.sys

Driver block policy (Windows)

Use Windows group policy to block loading of the vulnerable driver:

gpedit.msc > Computer Configuration > Windows Settings > Security Settings > System Services > Find GDrv > Set to Disabled

🧯 If You Can't Patch

  • Remove all affected GIGABYTE software from critical systems
  • Implement strict application control policies to prevent unauthorized driver loading

🔍 How to Verify

Check if Vulnerable:

Check for the presence of GDrv.sys in C:\Windows\System32\drivers\ and compare the installed GIGABYTE software versions against the affected versions listed above.

Check Version:

wmic product get name,version | findstr /i gigabyte

Verify Fix Applied:

Confirm that GDrv.sys has been removed (or replaced by the updated driver) and that the installed GIGABYTE software reports the patched versions listed above.

📡 Detection & Monitoring

Log Indicators:

  • Event ID 7045: Service installation for GDrv
  • Driver load events for GDrv.sys
  • Process creation from GIGABYTE utilities

Network Indicators:

  • No network indicators - local vulnerability only

SIEM Query:

(source="*security*" AND event_id=7045 AND service_name="GDrv") OR (process_name="*gigabyte*" OR process_name="*aorus*")
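As an added example that is not part of this advisory, the following PowerShell script runs the checks from How to Verify and the Event ID 7045 indicator from Detection & Monitoring on a single host. It is read-only; the registry Uninstall paths and cmdlets are standard Windows, and the DisplayName match pattern is an assumption built from the product list above.

```powershell
# Added example, not part of the advisory: read-only local check for the GDrv
# driver and related indicators. Run from an elevated PowerShell prompt.
$DriverPath = 'C:\Windows\System32\drivers\GDrv.sys'   # path named in the advisory

# 1. Driver file, service entry and current driver state
$fileFound = Test-Path -LiteralPath $DriverPath
$service   = Get-Service -Name 'GDrv' -ErrorAction SilentlyContinue
$driver    = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='GDrv'"

# 2. Installed GIGABYTE software and versions from the Uninstall registry keys
#    (faster than 'wmic product'; the name pattern is an assumption derived
#    from the product list in this advisory)
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$gigabyteApps = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'GIGABYTE|APP Center|AORUS|XTREME GAMING|OC GURU' } |
    Select-Object DisplayName, DisplayVersion, Publisher

# 3. Service installation events (ID 7045, System log) whose text names GDrv;
#    this is the log indicator listed under Detection & Monitoring
$installEvents = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'GDrv' } |
    Select-Object TimeCreated, @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }

# 4. Report
Write-Host "GDrv.sys on disk : $fileFound"
Write-Host "GDrv service     : $(if ($service) { $service.Status } else { 'not installed' })"
Write-Host "Driver state     : $(if ($driver) { $driver.State } else { 'not registered' })"
Write-Host "`nInstalled GIGABYTE software:"
if ($gigabyteApps) { $gigabyteApps | Format-Table -AutoSize | Out-Host } else { Write-Host '  none found' }
Write-Host "`nEvent ID 7045 entries referencing GDrv:"
if ($installEvents) { $installEvents | Format-Table -AutoSize | Out-Host } else { Write-Host '  none found' }

# File present, service registered or driver loaded: treat the host as exposed
# until the installed versions are confirmed at or above the patched releases.
if ($fileFound -or $service -or $driver) {
    Write-Warning 'GDrv driver present; compare software versions with the patched releases above.'
}
```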
