CVE-2024-33223

Name of the Vulnerable Software and Affected Versions ASUS GPU TweakII version 1.4.5.2

Description The issue is related to the component IOMap64.sys of ASUS GPU TweakII, which allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. This is due to insecure privilege management. The exploitation of this issue can enable an attacker to elevate their privileges.

Recommendations For version 1.4.5.2, consider disabling the IOMap64.sys component until a patch is available to prevent potential privilege escalation and arbitrary code execution. Restrict access to the IOCTL requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.