CVE Vulnerabilities

CVE-2025-2027

Double Free

Published: Mar 28, 2025 | Modified: Mar 28, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially crafted local RPC requests, leading to the service crash and potentially memory manipulation in some rare circumstances. Refer to the Security Update for MyASUS section on the ASUS Security Advisory for more information.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Potential Mitigations

References