CVE-2022-21933

Summary

ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.

Affected Software

VendorProductVersion RangeStatus
ASUSVC65-C1unspecified < 1302affected
ASUSPB60Vunspecified < 1302affected
ASUSPB60Gunspecified < 1302affected
ASUSPB60Sunspecified < 1302affected
ASUSPA90unspecified < 1401affected
ASUSPB50unspecified < 902affected
ASUSPB60unspecified < 1502affected
ASUSPB61Vunspecified < 601affected
ASUSTS10unspecified < 609affected
ASUSPN40unspecified < 2201affected
ASUSPN60unspecified < 808affected
ASUSPN30unspecified < 320affected
ASUSUN65Uunspecified < 618affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References