Telspace Systems Security Advisory
TSA-2019-001: Asus Precision TouchPad 220.127.116.11 (Pool Overflow)
CVE number: CVE-2019-10709
The AsusPTPFilter.sys driver on the Asus Precision TouchPad 18.104.22.168 hardware has a Pool Overflow associated with the \\.\AsusTPdevice, leading to a DoS and could potentially lead to privilege escalation via a crafted DeviceIoControl call with a specific IOCTL code.
Asus Precision TouchPad
Proof of Concept:
Details and crash information:
The vendor has patched the vulnerability and released a new version.
25-03-2019 – Initial Discovery
27-03-2019 – Vendor Notification
29-08-2019 – Vendor Patch
30-08-2019 – Public Disclosure
This vulnerability was discovered by Athanasios Tserpelis of Telspace Systems