Stack-Based Buffer Overflow in ASUS GPUTweak II Driver
CVE-2021-28686

5.5MEDIUM

Key Information:

Vendor: Asus
Status: Gputweak Ii
Vendor: CVE Published:; 8 April 2021

What is CVE-2021-28686?

The ASUS GPUTweak II drivers, AsIO2_64.sys and AsIO2_32.sys, prior to version 2.3.0.3, are susceptible to a stack-based buffer overflow. This vulnerability allows low-privileged users to exploit the device's security model, potentially causing a Denial of Service through specially crafted requests sent to DeviceIoControl. Immediate attention to software updates is recommended to mitigate this vulnerability.

References

https://www.asus.com/Static_WebPage/ASUS-Product-Security...

x_refsource_MISC

https://gist.github.com/DStraghkov/fba4994ac4bb3a6e2940b2...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2021
Vulnerability Reserved
Mar 18, 2021

JSON

Asus

What is CVE-2021-28686?

References

CVSS V3.1

Timeline