Linux
CVE-2025-15037
Lifecycle Timeline
2DescriptionCVE.org
An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and kernel information disclosure. Refer to the "ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.
AnalysisAI
An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver.
Technical ContextAI
Classified as CWE-732 (Incorrect Permission Assignment for Critical Resource). An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and kernel information disclosure. Refer to the "ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.
Affected ProductsAI
Component: ASUS Business System Control.
RemediationAI
Monitor vendor advisories for a patch.
Share
External POC / Exploit Code
Leaving vuln.today