Description
An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to a disclosure of kernel information or a system crash. Refer to the "Security Update for ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.
Published: 2026-03-12
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Kernel Information Disclosure
Action: Apply Patch
AI Analysis

Impact

An Out-of-Bounds Read vulnerability (CWE‑125) exists in the ASUS Business System Control Interface driver. An unprivileged local user can trigger the flaw by sending a specially crafted IOCTL request, which may result in the disclosure of kernel data or cause a system crash. The primary impact is the leakage of kernel information, potentially compromising confidentiality, with a secondary denial‑of‑service risk if the system becomes unstable.

Affected Systems

The vulnerability affects the ASUS Business System Control Interface product. No specific affected versions are listed in the CVE data, so all releases prior to the advisory may be susceptible. The provided CPE string (cpe:2.3:a:asus:asus_business_system_control_interface:*:*:*:*:*:*:*:*) indicates the scope of the affected product.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity. The EPSS score of less than 1% suggests a low likelihood of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog, further reducing the overall risk profile. The attack vector is local and requires an unprivileged user to send the crafted IOCTL; therefore, remote exploitation is not possible without first gaining local access.

Generated by OpenCVE AI on March 18, 2026 at 15:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest ASUS Business System Control Interface driver update as outlined in the ASUS Security Advisory.
  • Verify that the driver version meets the corrected release; if required, reinstall or update the firmware.
  • If a patch is not yet released, monitor ASUS advisories and apply the update promptly once available.

Advisories

No advisories yet.

History

Fri, 20 Mar 2026 15:45:00 +0000

Type: Title
Values Added: Out-of-Bounds Read in ASUS Business System Control Interface Driver

Thu, 12 Mar 2026 15:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Mar 2026 03:45:00 +0000

Type: Description
Values Removed: An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by a unprivileged local user sending a specially crafted IOCTL request, potentially leading to a disclosure of kernel information or a system crash. Refer to the "Security Update for ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.
Values Added: An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to a disclosure of kernel information or a system crash. Refer to the "Security Update for ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.

Thu, 12 Mar 2026 03:00:00 +0000

Type: Description
Values Added: An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by a unprivileged local user sending a specially crafted IOCTL request, potentially leading to a disclosure of kernel information or a system crash. Refer to the "Security Update for ASUS Business System Control Interface" section on the ASUS Security Advisory for more information.

Type: First Time appeared
Values Added: Asus; Asus asus Business System Control Interface

Type: Weaknesses
Values Added: CWE-125

Type: CPEs
Values Added: cpe:2.3:a:asus:asus_business_system_control_interface:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Asus; Asus asus Business System Control Interface

Type: References

Type: Metrics
Values Added: cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: ASUS

Published:

Updated: 2026-03-12T14:48:08.340Z

Reserved: 2025-12-23T06:48:58.144Z

Link: CVE-2025-15038

Vulnrichment

Updated: 2026-03-12T14:47:51.226Z

NVD

Status: Awaiting Analysis

Published: 2026-03-12T03:15:57.403

Modified: 2026-03-12T21:07:53.427

Link: CVE-2025-15038

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:36:12Z

Weaknesses