Aura Sync
by Asus
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-44898 | 0.00 | — | 0.00 | Dec 14, 2022 | The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted… | |||
| CVE-2019-17603 | 0.00 | — | 0.01 | Jun 2, 2020 | Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger… | |||
| CVE-2018-18536 | 0.00 | — | 0.01 | Dec 26, 2018 | The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges. | |||
| CVE-2018-18537 | 0.00 | — | 0.01 | Dec 26, 2018 | The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address. | |||
| CVE-2018-18535 | 0.00 | — | 0.01 | Dec 26, 2018 | The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code. |
- CVE-2022-44898Dec 14, 2022risk 0.00cvss —epss 0.00
The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted…
- CVE-2019-17603Jun 2, 2020risk 0.00cvss —epss 0.01
Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger…
- CVE-2018-18536Dec 26, 2018risk 0.00cvss —epss 0.01
The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
- CVE-2018-18537Dec 26, 2018risk 0.00cvss —epss 0.01
The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address.
- CVE-2018-18535Dec 26, 2018risk 0.00cvss —epss 0.01
The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.