CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44898 – MsIo64 LOLDriver Memory Corruption
https://notcve.org/view.php?id=CVE-2022-44898
The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests. • http://packetstormsecurity.com/files/174447/MsIo64-LOLDriver-Memory-Corruption.html https://heegong.github.io/posts/ASUS-AuraSync-Kernel-Stack-Based-Buffer-Overflow-Local-Privilege-Escalation https://www.asus.com/campaign/aura/us/download.php https://www.asus.com/content/ASUS-Product-Security-Advisory • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17603 – ASUS Aura Sync 1.07.71 Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-17603
Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption. La biblioteca Ene.sys en Asus Aura Sync versiones hasta 1.07.71, no comprueba apropiadamente la entrada a IOCTL 0x80102044, 0x80102050 y 0x80102054, lo que permite a usuarios locales causar una denegación de servicio (bloqueo del sistema) o alcanzar privilegios por medio de peticiones IOCTL que usan direcciones de kernel diseñadas que desencadenan una corrupción de memoria. • http://packetstormsecurity.com/files/158221/ASUS-Aura-Sync-1.07.71-Privilege-Escalation.html https://zer0-day.pw/2020-06/asus-aura-sync-stack-based-buffer-overflow • CWE-787: Out-of-bounds Write •