Telspace Systems Security Advisory
TSA-2019-001: Asus Precision TouchPad 11.0.0.25 (Pool Overflow)
CVE number: CVE-2019-10709
Summary:
The AsusPTPFilter.sys driver on the Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTPdevice, leading to a DoS and could potentially lead to privilege escalation via a crafted DeviceIoControl call with a specific IOCTL code.
Vendor:
Asus
Product:
Asus Precision TouchPad
Version:
11.0.0.25
Vendor:
Proof of Concept:
Details and crash information:
Vendor response:
The vendor has patched the vulnerability and released a new version.
Disclosure Timeline:
25-03-2019 – Initial Discovery
27-03-2019 – Vendor Notification
29-08-2019 – Vendor Patch
30-08-2019 – Public Disclosure
Credit:
This vulnerability was discovered by Athanasios Tserpelis of Telspace Systems