Published CVEs, driver bug writeups, and proof-of-concept code from Windows kernel driver research.
CVE-2026-3508: ASUS AsusWmiAcpi.sys Heap Over-Read
Kernel driver research finding in ASUS System Control Interface. The issue was a METHOD_BUFFERED IOCTL size validation bug where the driver trusted an embedded length field and read beyond the actual buffered input allocation.
- Vendor: ASUS
- Component:
AsusWmiAcpi.sys - Severity: Medium (CVSS 6.8)
- Class: buffered IOCTL size validation bug
- Advisory/writeup: CVE-2026-3508
CVE-2026-6737: ASUS AsusPTPFilter.sys Insecure Device Object Permissions
ASUS Precision Touchpad Filter driver issue where named device objects were created without explicit SDDL permissions, exposing driver IOCTL handlers to standard local users. Fixed in AsusPTPFilter version 16.0.0.46 or later.
- Vendor: ASUS
- Component:
AsusPTPFilter.sys - Severity: Low (CVSS 2.0)
- Class: missing device object permissions
- Advisory/writeup: CVE-2026-6737