← All drivers
vulnerable
Driver

gdrv.sys

Gigabyte motherboard utility driver

From Gigabyte Technology
Part of the Gigabyte family
Status
On a known-vulnerable list
Known variants
12 distinct hashes
Public CVEs
4
Field notes

gdrv.sys is a kernel driver from Gigabyte, used by motherboard and graphics utilities such as App Center, EasyTune, and OC Guru for hardware management and overclocking. It is common on systems with Gigabyte motherboards or graphics cards where the vendor utilities were installed.

Older versions are on the public LOLDrivers list for a cluster of 2018 vulnerabilities that give a local user read/write access to kernel memory and physical addresses through the driver's IOCTL interface. Gigabyte's initial response was to discontinue the affected utilities rather than patch them, which is part of why the older signed binaries continue to appear in the wild.

Why it persists: as with most BYOVD (bring-your-own-vulnerable-driver) targets, the old signed binary still loads on modern Windows. The fix is to update or remove the bundled Gigabyte software, not to expect Windows to block the older driver everywhere on its own.

On the public record: gdrv.sys has been documented in incident-response reports as a driver weaponized after initial system compromise to disable endpoint protection. Its presence on a gamer's machine is overwhelmingly the legitimate Gigabyte utilities.

If you find it, update Gigabyte's current software for your hardware and remove the older utilities.

What the record shows

gdrv.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 12 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.

What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Related drivers

Other drivers in the Gigabyte family. See the whole family →

Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “gdrv.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/gdrv-sys