CVE-2021-28686

5.5MEDIUM

Key Information:

Vendor: Asus
Status: Gputweak Ii
Vendor: CVE Published:; 8 April 2021

Summary

AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigger a stack-based buffer overflow. This could enable low-privileged users to achieve Denial of Service via a DeviceIoControl.

References

https://www.asus.com/Static_WebPage/ASUS-Product-Security...

x_refsource_MISC

https://gist.github.com/DStraghkov/fba4994ac4bb3a6e2940b2...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 8, 2021
Vulnerability Reserved
Mar 18, 2021