Vulnerabilities > CVE-2022-21933 - Out-of-bounds Write vulnerability in Asus products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

asus

CWE-787

NVD

Published: 2022-01-21

Updated: 2023-07-24

Summary

ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.

Vulnerable Configurations

Part	Description	Count
OS	Asus Asus Vc65 C1 Firmware * Asus Pb60V Firmware * Asus Pb60G Firmware * Asus Pb60S Firmware * Asus Pa90 Firmware * Asus Pb50 Firmware * Asus Pb60 Firmware * Asus Pb61V Firmware * Asus Ts10 Firmware * Asus Pn40 Firmware * Asus Pn60 Firmware * Asus Pn30 Firmware * Asus Un65U Firmware *	13
Hardware	Asus Asus Vc65 C1 - Asus Pb60V - Asus Pb60G - Asus Pb60S - Asus Pa90 - Asus Pb50 - Asus Pb60 - Asus Pb61V - Asus Ts10 - Asus Pn40 - Asus Pn60 - Asus Pn30 - Asus Un65U -	13

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html