CVE-2026-8070: Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory
Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security Advisory for more information.
HarborGuard Analysis
HarborGuard analysisSynopsis
Incorrect permission assignment on a critical resource in ASUS Armoury Crate lets a local user bypass the driver's validation logic and gain read/write access to physical memory. Exploitation requires a local low-privileged account on the host and succeeds despite some environmental complexity, granting full control over memory contents that typically leads to privilege escalation and host compromise. No fix version has been published; HarborGuard tracks the ASUS advisory for patch availability.
HarborGuard Coverage
Detection is available across every HarborGuard environment, with the CVE ingested from upstream feeds within minutes of publication and matched against Armoury Crate components in customer registries and build pipelines. Coverage extends to custom-built images that bundle the affected driver.
AvailableTriage is available with the CVSS v4 score of 7.3 (High) applied and reweighted against each customer's compliance policy, so environments that treat local privilege escalation as a top risk see the finding escalated accordingly. Findings are routed to the appropriate inbox inside each customer org based on workload ownership.
AvailableNo upstream fix is currently published. HarborGuard re-checks the ASUS advisory each ingest cycle and will make a patched-image rebuild available the moment ASUS ships a fixed Armoury Crate release; auto-remediation customers will then receive a rebuild, regression-test run, and PR opened against affected workloads.
Pending upstreamExploit Conditions
- Network reachabilityNot required
The attacker needs an existing shell or process on the host running Armoury Crate; no network path is involved.
- AuthenticationRequired
A local low-privileged account on the affected system is sufficient to invoke the vulnerable driver interface.
- Victim interactionNot required
No user action is needed once the attacker has local code execution.
- Attack complexityDetail
Attack complexity is high, indicating the exploit depends on environmental factors such as timing or memory layout to bypass the driver's validation.
Blast Radius
- Reads arbitrary physical memory, exposing kernel structures, credentials, and any secrets resident in RAM.
- Writes arbitrary physical memory, enabling kernel-level tampering and reliable escalation to SYSTEM or equivalent.
- Disrupts or crashes the host by corrupting kernel memory, taking the affected machine offline.
How HarborGuard Handles This
Available on HarborGuard: continuous monitoring of the ASUS advisory for a fixed Armoury Crate release, with automatic ingestion the moment a patched version is published. Until then, compensating-control suggestions are surfaced for affected workloads, including restricting local account provisioning on hosts that ship Armoury Crate, removing the driver from images that do not require it, and gating installation behind device-management policy. When ASUS ships the fix, a patched-image rebuild becomes available automatically, and environments with auto-remediation enabled receive a rebuild, regression run, and merged PR against affected workloads, typically within about 90 minutes of publication for high-severity issues.
Metrics
- CVSS v4.0
- 7.3
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
- ASUS / Armoury Crate≤ 6.4.12
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N