CVE-2021-28686
MEDIUMASUS GPUTweak II < 2.3.0.3 - Denial of Service via DeviceIoControl Buffer Overflow
Title source: llmDescription
AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigger a stack-based buffer overflow. This could enable low-privileged users to achieve Denial of Service via a DeviceIoControl.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/
Third Party Advisory x_refsource_misc
https://gist.github.com/DStraghkov/fba4994ac4bb3a6e2940b21743563df0
Scores
CVSS v3
5.5
EPSS
0.0006
EPSS Percentile
18.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-787
Status
published
Products (1)
asus/gputweak_ii
< 2.3.0.3
Published
Apr 08, 2021
Tracked Since
Feb 18, 2026