CVE Catalog

CVE-2022-4990

HighCVSS 7.3
Published: Translated: NVD NIST

Summary

The ASUS AI Suite 3 driver contains a vulnerability due to improper validation of specified quantity in input, allowing a local user to bypass security and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation.

Risk Assessment

A local attacker can gain elevated privileges, potentially leading to full system compromise, data theft, or malware installation.

Recommendation

Immediately discontinue use of ASUS AI Suite 3 as it is an unsupported product, and consider migrating to an alternative, supported system management software.

Original NVD description (English source)

** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass security validation and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS