AI Agents Found an ASUS Kernel Zero-Day

I had $100 in unused Google Cloud credits from my Google One Ultra plan and figured I’d put them toward something interesting. Over the long weekend I ended up building an automated pipeline that scans thousands of Windows kernel drivers for exploitable vulnerabilities, specifically looking for signed ones so they can be loaded without test-signing mode enabled. On its first real run on a massive driver pack, it successfully flagged a zero-day in an ASUS driver. ...

April 6, 2026 · 5 min

ASUS bsitf.sys (CVE-2026-13585): Arbitrary Physical Memory Mapping

This was discoved with DeepZero Tracked as CVE-2026-13585. ASUS has published a vendor advisory with countermeasures. ASUS ships a kernel driver called bsitf.sys with their Business Manager and Software Manager. It creates a device at \\.\bsitf that requires admin to open. IOCTL 0x222808 takes a size from your input buffer, allocates that much physically contiguous kernel memory, maps it into your process, and gives you back the pointer AND the physical address. There’s no validation on the size, no limit on how many allocations you can make, and no input checking at all. ...