CVE Catalog

CVE-2022-4989

HighCVSS 8.5
Published: Translated: NVD NIST

Summary

The ASUS AI Suite 3 driver lacks proper validation of specified quantity in input, allowing a local user to access unintended memory regions via crafted IOCTL requests. This vulnerability leads to privilege escalation.

Risk Assessment

The organization faces the risk of a local user gaining elevated privileges, potentially leading to full system compromise, data modification, or malware installation.

Recommendation

Immediately uninstall the ASUS AI Suite 3 driver as it is unsupported (UNSUPPORTED WHEN ASSIGNED) and will not receive security patches. Consider using alternative system management software.

Original NVD description (English source)

** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to access unintended memory regions via crafted IOCTL requests, leading to privilege escalation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS