1.07.79

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

asus

CWE-787

NVD

Published: 2022-12-14

Updated: 2023-09-02

Summary

The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests.

Vulnerable Configurations

Part	Description	Count
Application	Asus Asus Aura Sync - Asus Aura Sync 1.07.71 Asus Aura Sync 1.07.79	3

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://heegong.github.io/posts/ASUS-AuraSync-Kernel-Stack-Based-Buffer-Overflow-Local-Privilege-Escalation/
https://www.asus.com/campaign/aura/us/download.php
https://www.asus.com/content/ASUS-Product-Security-Advisory/
http://packetstormsecurity.com/files/174447/MsIo64-LOLDriver-Memory-Corruption.html