Out-of-bounds Read in ASUS System Control Interface
CVE-2026-3508

6.8MEDIUM

Key Information:

Vendor: Asus
Status: Asus System Control Interface
Vendor: CVE Published:; 8 May 2026

What is CVE-2026-3508?

An Out-of-bounds Read vulnerability exists within the IOCTL handler of the ASUS System Control Interface, which enables a local user to manipulate the read size, potentially exceeding the allocated buffer size. This issue may lead to system instability, resulting in a Blue Screen of Death (BSOD). Users are advised to review the latest security updates provided in the ASUS Security Advisory for remediation actions.

Affected Version(s)

ASUS System Control Interface 0

References

https://www.asus.com/security-advisory

CVSS V4

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2026
Vulnerability Reserved
Mar 4, 2026

CVE-2026-3508 Data

JSON

Asus

What is CVE-2026-3508?

Affected Version(s)

References

CVSS V4

Timeline