Local Resource Management Vulnerability in ASUS System Control Interface
CVE-2026-13585

8.2HIGH

What is CVE-2026-13585?

The ASUS System Control Interface driver and ASUS Business Manager are vulnerable to issues related to resource allocation without limits and improper handling of sensitive information. A local administrator can exploit this vulnerability by sending specially crafted IOCTL requests, which may allow access to sensitive data not removed before resource reuse. In critical scenarios, this could lead to a Denial of Service (DoS) condition on the system, compromising the overall security and functionality of affected devices.

Affected Version(s)

Business Manager 0

System Control Interface 0

System Control Interface v3 0

References

CVSS V4

Score:
8.2
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rehman Ahmadzai
.