The vulnerability is an exposed IOCTL interface in the AsusPTPFilter driver that is protected by insufficient access control. The flaw allows a user with local access to craft specific IOCTL requests and exercise privileged operations that were intended to be limited. By doing so, the attacker can read internal touchpad state data that should be protected and can issue commands that disable the touchpad, effectively causing a denial of service to the user. The underlying weakness corresponds to CWE‑782, which involves improper restriction of information flows.

The affected product is the AsusPTPFilter driver found in ASUS Precision Touchpad devices. Vendor: ASUS; product: AsusPTPFilter. No specific version numbers are publicly listed in the advisory, so any installed instance of the driver should be considered vulnerable until a fix is applied.

The reported CVSS score of 2.0 indicates a low overall severity. EPSS is not available, and the vulnerability is not yet listed in CISA’s KEV catalog, suggesting it is not currently widely exploited in the wild. Based on the description, the likely attack vector is local; an attacker would need physical or local system access to trigger the vulnerability. If such privilege is available, the attacker can bypass driver security checks and access protected touchpad data or render the touchpad unusable. The low CVSS and lack of exploitation evidence reduce the immediate urgency, but disabling the driver or applying a vendor patch is recommended to mitigate the local risk.