CVE-2025-15038
Out-of-Bounds Read in ASUS BSCI Driver Risks Kernel Info Leak
Publication date: 2026-03-12
Last updated on: 2026-03-12
Assigner: ASUS
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| asus | business_system_control_interface | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
Can you explain this vulnerability to me?
This vulnerability is an Out-of-Bounds Read in the ASUS Business System Control Interface driver. It can be triggered by an unprivileged local user who sends a specially crafted IOCTL request. Exploiting this flaw may lead to the disclosure of kernel information or cause the system to crash.
How can this vulnerability impact me?
The impact of this vulnerability includes potential disclosure of sensitive kernel information, which could aid an attacker in further exploits. Additionally, it may cause the system to crash, leading to denial of service or instability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know