CVE-2022-4989
HighCVSS 8.5Summary
The ASUS AI Suite 3 driver lacks proper validation of specified quantity in input, allowing a local user to access unintended memory regions via crafted IOCTL requests. This vulnerability leads to privilege escalation.
Risk Assessment
The organization faces the risk of a local user gaining elevated privileges, potentially leading to full system compromise, data modification, or malware installation.
Recommendation
Immediately uninstall the ASUS AI Suite 3 driver as it is unsupported (UNSUPPORTED WHEN ASSIGNED) and will not receive security patches. Consider using alternative system management software.
Original NVD description (English source)
** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to access unintended memory regions via crafted IOCTL requests, leading to privilege escalation.

