Vulnerabilities > Asus > Aura Sync

DATE CVE VULNERABILITY TITLE RISK
2022-12-14 CVE-2022-44898 Out-of-bounds Write vulnerability in Asus Aura Sync 1.07.71/1.07.79
The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests.
local
low complexity
asus CWE-787
7.8
2020-06-02 CVE-2019-17603 Out-of-bounds Write vulnerability in Asus Aura Sync 1.07.71
Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.
local
low complexity
asus CWE-787
7.8