Skip to main content

ASUS System Control Interface CVE-2026-15029

| EUVDEUVD-2026-44589 HIGH
Untrusted Pointer Dereference (CWE-822)
2026-07-15 ASUS GHSA-cvqr-f3j3-pp87
8.4
CVSS 4.0 · Vendor: ASUS
Share

Severity by source

Vendor (ASUS) PRIMARY
8.4 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.7 MEDIUM

Local admin must open the driver and send IOCTLs, so AV:L and PR:H with low complexity; physical memory read/write yields full C/I/A impact within an unchanged kernel scope.

3.1 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (ASUS).

CVSS VectorVendor: ASUS

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 15, 2026 - 02:31 vuln.today
CVE Published
Jul 15, 2026 - 02:01 cve.org
HIGH 8.4

DescriptionCVE.org

Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protections. Refer to the ' Security Update for ASUS System Control Interface  ' section on the ASUS Security Advisory for more information.

AnalysisAI

Arbitrary physical memory read/write in the ASUS System Control Interface (v3 and legacy) and ASUS Business Manager driver allows a local administrator to issue crafted IOCTL requests that bypass OS-enforced memory protections, per an ASUS-published advisory. The flaw (CWE-822, Untrusted Pointer Dereference) turns the signed ASUS driver into a read/write primitive over physical memory, enabling privilege escalation from admin to kernel and potential defense evasion. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local administrator access
Delivery
Open ASUS SCI driver device handle
Exploit
Send crafted IOCTL with untrusted pointer
Execution
Trigger arbitrary physical memory read/write
Persist
Patch kernel structures / disable protections
Impact
Escalate to kernel and evade defenses

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to already hold local administrator privileges on a machine where the ASUS System Control Interface v3, legacy System Control Interface, or ASUS Business Manager driver is installed and loaded, and to send specially crafted IOCTL requests to that driver's device object. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H, base 8.4 High) is internally consistent with the description: local vector, low complexity, but high privileges required - the attacker must already be a local administrator. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has already gained local administrator rights on an ASUS commercial notebook - via phishing, a prior exploit, or a malicious insider - opens the ASUS System Control Interface driver's device handle and sends crafted IOCTL requests specifying attacker-chosen physical addresses. Using the resulting kernel-grade read/write primitive, they patch kernel structures to disable EDR, escalate to SYSTEM/kernel, or read sensitive memory. …
Remediation Apply the ASUS-provided update referenced in the 'Security Update for ASUS System Control Interface' section of the ASUS Security Advisory (https://www.asus.com/security-advisory); a fixed version is indicated by the vendor advisory but no exact patched version number is present in the provided data, so confirm the target build directly from that advisory (Patch available per vendor advisory). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all systems running ASUS System Control Interface v3/legacy and ASUS Business Manager drivers. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15029 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy