CVE-2021-28685

Published: Apr 8, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical memory into the virtual address space of the calling process) and to interact with MSR registers. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/

x_refsource_MISC

https://gist.github.com/DStraghkov/fba4994ac4bb3a6e2940b21743563df0

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-28685

Description

Affected Products

References