Out-of-Bounds Read Vulnerability in ASUS System Control Interface
CVE-2026-15030

5.6MEDIUM

What is CVE-2026-15030?

The ASUS System Control Interface and ASUS Business Manager contain an out-of-bounds read vulnerability that can be exploited by a local administrator. By crafting a malicious IOCTL request, the attacker can gain unauthorized access to memory regions that exceed the approved firmware limits, leading to potential exposure of sensitive information. This issue underscores the importance of implementing robust input validation mechanisms to prevent unauthorized memory access and safeguard firmware integrity.

Affected Version(s)

Business Manager 0

System Control Interface 0

System Control Interface v3 0

References

CVSS V4

Score:
5.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.