CVE-2026-15029

Summary

Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protections. Refer to the '  Security Update for ASUS System Control Interface  ' section on the ASUS Security Advisory for more information.

Affected Software

VendorProductVersion RangeStatus
ASUSSystem Control Interface v30 < v3.1.65.0affected
ASUSSystem Control Interface0 < v1.1.40.0affected
ASUSBusiness Manager0 <= v3.0.38.0affected

Weaknesses

  • CWE-822: CWE-822: Untrusted Pointer Dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References