Sign-up

ID

VAR-202104-1593


CVE

CVE-2021-28685


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical memory into the virtual address space of the calling process) and to interact with MSR registers. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ASUS GPUTweak II is a driver of ASUS Corporation in China. ASUS GPUTweak II version before 2.3.0.3, which is used to drive more FPS, has a buffer error vulnerability

Trust: 1.62

sources: NVD: CVE-2021-28685 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-388157 // VULMON: CVE-2021-28685

AFFECTED PRODUCTS

vendor:asusmodel:gputweak iiscope:ltversion:2.3.0.3

Trust: 1.0

sources: NVD: CVE-2021-28685

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-28685
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-488
value: HIGH

Trust: 0.6

VULHUB: VHN-388157
value: HIGH

Trust: 0.1

VULMON: CVE-2021-28685
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-28685
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-388157
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-28685
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-388157 // VULMON: CVE-2021-28685 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-488 // NVD: CVE-2021-28685

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2021-28685

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202104-488

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-488

PATCH

title:ASUS GPUTweak II Fixes for permissions and access control issues vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147324

Trust: 0.6

title: - url:https://github.com/WidowMaker3/KernelModeAntiCheat-Private-Leaked-BY-AM0MY

Trust: 0.1

title: - url:https://github.com/EuropeanMaster/KernelModeAntiCheat-Private-Leaked-BY-AM0MY

Trust: 0.1

title: - url:https://github.com/Orfanel0/KernelModeAntiCheat-Private-Leaked-BY-AM0MY

Trust: 0.1

title: - url:https://github.com/FuszzzioN/KernelModeAntiCheat-Private-Leaked-BY-AM0MY

Trust: 0.1

title: - url:https://github.com/Fizarius/KernelModeAntiCheat-Private-Leaked-BY-AM0MY

Trust: 0.1

title: - url:https://github.com/HozienSiBolds/KernelModeAntiCheat-Private-Leaked-BY-AM0MY

Trust: 0.1

title: - url:https://github.com/BakreeFF/KernelModeAntiCheat-Private-Leaked-BY-AM0MY

Trust: 0.1

title: - url:https://github.com/Huawro/KernelModeAntiCheat-Private-Leaked-BY-AM0MY

Trust: 0.1

title: - url:https://github.com/Kooxxy/KernelModeAntiCheat-Private-Leaked-BY-AM0MY

Trust: 0.1

title: - url:https://github.com/liknesbexzode/KernelModeAntiCheat-Private-Leaked-BY-AM0MY

Trust: 0.1

sources: VULMON: CVE-2021-28685 // CNNVD: CNNVD-202104-488

EXTERNAL IDS

db:NVDid:CVE-2021-28685

Trust: 1.8

db:CNNVDid:CNNVD-202104-488

Trust: 0.7

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021041211

Trust: 0.6

db:VULHUBid:VHN-388157

Trust: 0.1

db:VULMONid:CVE-2021-28685

Trust: 0.1

sources: VULHUB: VHN-388157 // VULMON: CVE-2021-28685 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-488 // NVD: CVE-2021-28685

REFERENCES

url:https://gist.github.com/dstraghkov/fba4994ac4bb3a6e2940b21743563df0

Trust: 1.8

url:https://www.asus.com/static_webpage/asus-product-security-advisory/

Trust: 1.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-28685

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041211

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/widowmaker3/kernelmodeanticheat-private-leaked-by-am0my

Trust: 0.1

sources: VULHUB: VHN-388157 // VULMON: CVE-2021-28685 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-488 // NVD: CVE-2021-28685

SOURCES

db:VULHUBid:VHN-388157
db:VULMONid:CVE-2021-28685
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202104-488
db:NVDid:CVE-2021-28685

LAST UPDATE DATE

2024-11-23T20:05:14.357000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-388157date:2022-07-12T00:00:00
db:VULMONid:CVE-2021-28685date:2022-07-12T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202104-488date:2022-07-14T00:00:00
db:NVDid:CVE-2021-28685date:2024-11-21T06:00:08.400

SOURCES RELEASE DATE

db:VULHUBid:VHN-388157date:2021-04-08T00:00:00
db:VULMONid:CVE-2021-28685date:2021-04-08T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202104-488date:2021-04-08T00:00:00
db:NVDid:CVE-2021-28685date:2021-04-08T11:15:12.820