Description
An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS System Control Interface allows a local user to cause system crash (BSOD) via a read size that exceeds the buffer size. Refer to the 'Security Update for MyASUS' section on the ASUS Security Advisory for more information.
Published: 2026-05-08
Score: 6.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out-of-bounds read occurs in the IOCTL handler of the ASUS System Control Interface, allowing a local user to read beyond the intended buffer. The result is a system crash (BSOD), causing a denial of service. The flaw maps to CWE‑125, a buffer overread condition.

Affected Systems

The affected product is the ASUS System Control Interface on ASUS devices. No specific firmware or model versions are listed, so users should consult the ASUS Security Advisory for details and verify whether their system exposes the vulnerable IOCTL interface.

Risk and Exploitability

The CVSS score of 6.8 indicates medium severity for a locally exploitable flaw that requires user-level privileges. No EPSS data is available, and the vulnerability is not listed in CISA's KEV catalog, so the likelihood of exploitation is uncertain. An attacker would need local user access to send the vulnerable IOCTL request, which limits the threat to devices with accessible local accounts.

Generated by OpenCVE AI on May 8, 2026 at 03:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the ASUS Security Update for MyASUS that patches the out-of-bounds read in the IOCTL handler.
  • If the update is unavailable, remove or restrict the local users’ ability to issue the vulnerable IOCTL commands by updating access control lists or disabling the feature.
  • Monitor system logs for BSOD events and consider disabling the ASUS System Control Interface if it is not required for functionality.


Advisories

No advisories yet.

References
History

Fri, 08 May 2026 04:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Asus system Control Interface
Vendors & Products | | Asus system Control Interface

Fri, 08 May 2026 02:45:00 +0000

Type | Values Removed | Values Added
Description | | An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS System Control Interface allows a local user to cause system crash (BSOD) via a read size that exceeds the buffer size. Refer to the 'Security Update for MyASUS' section on the ASUS Security Advisory for more information.
First Time appeared | | Asus; Asus asus System Control Interface
Weaknesses | | CWE-125
CPEs | | cpe:2.3:a:asus:asus_system_control_interface:*:*:*:*:*:*:*:*
Vendors & Products | | Asus; Asus asus System Control Interface
References | |
Metrics | | cvssV4_0: {'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: ASUS

Published:

Updated: 2026-05-08T02:00:53.822Z

Reserved: 2026-03-04T05:51:48.969Z

Link: CVE-2026-3508

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-08T03:16:24.820

Modified: 2026-05-08T03:16:24.820

Link: CVE-2026-3508

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T04:15:26Z

Weaknesses