{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-8070", "assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "state": "PUBLISHED", "assignerShortName": "ASUS", "dateReserved": "2026-05-07T07:07:27.880Z", "datePublished": "2026-05-29T02:00:39.039Z", "dateUpdated": "2026-05-30T03:57:25.677Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "shortName": "ASUS", "dateUpdated": "2026-05-29T02:51:19.614Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "type": "CWE"}]}], "affected": [{"vendor": "ASUS", "product": "Armoury Crate", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "6.4.12", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:asus:armoury_crate:*:*:*:*:*:*:*:*", "versionStartIncluding": "0", "versionEndIncluding": "6.4.12"}]}]}], "descriptions": [{"lang": "en", "value": "Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver\u2019s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the '\u00a0\nSecurity Update for Armoury Crate App\u00a0\u00a0\u00a0' section on the ASUS Security Advisory for more information.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver\u2019s validation mechanism, resulting in unauthorized read and write access to physical memory.<div>Refer to the '&nbsp;\nSecurity Update for Armoury Crate App&nbsp;&nbsp;&nbsp;' section on the ASUS Security Advisory for more information.</div>"}]}], "references": [{"url": "https://www.asus.com/security-advisory"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.3, "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "jakub buczak", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-29T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-8070"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-30T03:57:25.677Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-8070", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-29T16:32:56.105351Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-29T17:05:09.584Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "jakub buczak"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ASUS", "product": "Armoury Crate", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "6.4.12"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.asus.com/security-advisory"}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver\u2019s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the '\u00a0\nSecurity Update for Armoury Crate App\u00a0\u00a0\u00a0' section on the ASUS Security Advisory for more information.", "supportingMedia": [{"type": "text/html", "value": "Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver\u2019s validation mechanism, resulting in unauthorized read and write access to physical memory.<div>Refer to the '&nbsp;\nSecurity Update for Armoury Crate App&nbsp;&nbsp;&nbsp;' section on the ASUS Security Advisory for more information.</div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:asus:armoury_crate:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "6.4.12", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "shortName": "ASUS", "dateUpdated": "2026-05-29T02:51:19.614Z"}}}, "cveMetadata": {"cveId": "CVE-2026-8070", "state": "PUBLISHED", "dateUpdated": "2026-05-29T17:05:19.797Z", "dateReserved": "2026-05-07T07:07:27.880Z", "assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "datePublished": "2026-05-29T02:00:39.039Z", "assignerShortName": "ASUS"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver\u2019s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the '\u00a0\nSecurity Update for Armoury Crate App\u00a0\u00a0\u00a0' section on the ASUS Security Advisory for more information."}], "id": "CVE-2026-8070", "lastModified": "2026-05-29T14:46:09.837", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "type": "Secondary"}]}, "published": "2026-05-29T02:16:17.380", "references": [{"source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "url": "https://www.asus.com/security-advisory"}], "sourceIdentifier": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,6.4.12]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Armoury Crate", "source": "cna", "vendor": "ASUS"}, "product": "armoury_crate", "vendor": "asus"}], "created": "2026-05-29T03:30:26.216708+00:00", "title": "Unauthorized Physical Memory Access via Incorrect Permission Assignment in Armoury Crate", "updated": "2026-05-29T04:00:13.590840+00:00", "vendors": ["asus", "asus$PRODUCT$armoury_crate"]}