Description
Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the ' 
Security Update for Armoury Crate App   ' section on the ASUS Security Advisory for more information.
Published: 2026-05-29
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Armoury Crate assigns incorrect permissions for a critical resource inside its driver, allowing a local user to bypass validation and read or modify physical memory. This flaw lets the attacker compromise memory stored for other processes, potentially enabling privilege escalation or corruption of system state. The vulnerability is a direct manifestations of CWE‑732, which highlights improper access control.

Affected Systems

The flaw is present in ASUS Armoury Crate applications. Specific affected versions are not listed in the advisory, so any installation of Armoury Crate is potentially impacted until a patch is applied.

Risk and Exploitability

The CVSS score is 7.3, indicating a high severity. EPSS data is unavailable, but the attack vector is local user access, which is easily achievable on a device owned by the victim. The vulnerability is not yet listed in CISA’s KEV catalog. An exploit requires only local execution and no external trigger, making this a significant risk for systems where Armoury Crate is installed.

Generated by OpenCVE AI on May 29, 2026 at 03:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest Armoury Crate update from the ASUS website, which includes the corrected permission enforcement.
  • If an update cannot be applied immediately, remove or disable Armoury Crate from user accounts that do not require it, or uninstall the application entirely.
  • Implement local security controls such as AppLocker or Group Policy restrictions to prevent Armoury Crate from executing until the patch is applied.

Generated by OpenCVE AI on May 29, 2026 at 03:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://www.asus.com/security-advisory cve-icon cve-icon
History

Fri, 29 May 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 29 May 2026 04:15:00 +0000

Type Values Removed Values Added
Title Unauthorized Physical Memory Access via Incorrect Permission Assignment in Armoury Crate

Fri, 29 May 2026 02:15:00 +0000

Type Values Removed Values Added
Description Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the '  Security Update for Armoury Crate App   ' section on the ASUS Security Advisory for more information.
First Time appeared Asus
Asus armoury Crate
Weaknesses CWE-732
CPEs cpe:2.3:a:asus:armoury_crate:*:*:*:*:*:*:*:*
Vendors & Products Asus
Asus armoury Crate
References
Metrics cvssV4_0

{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Asus Armoury Crate
cve-icon MITRE

Status: PUBLISHED

Assigner: ASUS

Published:

Updated: 2026-05-29T17:05:19.797Z

Reserved: 2026-05-07T07:07:27.880Z

Link: CVE-2026-8070

cve-icon Vulnrichment

Updated: 2026-05-29T17:05:09.584Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-29T02:16:17.380

Modified: 2026-05-29T14:46:09.837

Link: CVE-2026-8070

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T04:00:13Z

Weaknesses