CVE-2022-22262

Name of the Vulnerable Software and Affected Versions ROG Live Service (affected versions not specified)

Description The issue arises from an improper link resolution before file access in ROG Live Service's function for deleting temporary files created by installation. This function fails to validate the path before deletion, allowing an unauthenticated local attacker to create an unexpected symbolic link to a system file path. As a result, the attacker can delete arbitrary system files and disrupt system services.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.