The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/174447/MsIo64-LOLDriver-Memory-Corruption.html | |
https://heegong.github.io/posts/ASUS-AuraSync-Kernel-Stack-Based-Buffer-Overflow-Local-Privilege-Escalation/ | Exploit Technical Description Third Party Advisory |
https://www.asus.com/campaign/aura/us/download.php | Product Vendor Advisory |
https://www.asus.com/content/ASUS-Product-Security-Advisory/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-12-14T00:00:00
Updated: 2023-09-02T14:06:12.087023
Reserved: 2022-11-07T00:00:00
Link: CVE-2022-44898
JSON object: View
NVD Information
Status : Modified
Published: 2022-12-14T15:15:10.657
Modified: 2023-09-02T15:15:27.300
Link: CVE-2022-44898
JSON object: View
Redhat Information
No data.
CWE