PT-2022-27329 · Asus · Asus Aura Sync

Heechan Kim +1 · Published 2022-12-14 · Updated 2023-09-02 · CVE-2022-44898

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Asus Aura Sync versions through v1.07.79

Description

The issue concerns the MsIo64.sys component, which does not properly validate input to certain IOCTL requests, specifically 0x80102040, 0x80102044, 0x80102050, and 0x80102054. This allows attackers to trigger memory corruption, potentially causing a Denial of Service (DoS) or escalating privileges via crafted IOCTL requests.

Recommendations

For Asus Aura Sync versions through v1.07.79, consider disabling the MsIo64.sys component until a patch is available to prevent potential exploitation. Restrict access to the vulnerable IOCTL requests to minimize the risk of memory corruption and subsequent DoS or privilege escalation.

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2022-44898

Affected Products

Asus Aura Sync