CVE-2026-13585

Summary

Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe cases, may lead to a Denial of Service (DoS) on the system. Refer to the '  Security Update for ASUS System Control Interface  ' section on the ASUS Security Advisory for more information.

Affected Software

VendorProductVersion RangeStatus
ASUSSystem Control Interface v30 < v3.1.66.0affected
ASUSSystem Control Interface0 < v1.1.40.0affected
ASUSBusiness Manager0 <= v3.0.38.0affected

Weaknesses

  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling
  • CWE-226: CWE-226: Sensitive Information in Resource Not Removed Before Reuse

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References