Linux
CVE-2025-15038
Lifecycle Timeline
2DescriptionCVE.org
An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to a disclosure of kernel information or a system crash. Refer to the "Security Update for ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.
AnalysisAI
An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to a disclosure of kernel information or a system crash.
Technical ContextAI
Classified as CWE-125 (Out-of-bounds Read). An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to a disclosure of kernel information or a system crash. Refer to the "Security Update for ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.
Affected ProductsAI
Component: ASUS Business System Control.
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-125 – Out-of-bounds Read
View allShare
External POC / Exploit Code
Leaving vuln.today