ASUS bsitf.sys (CVE-2026-13585): Arbitrary Physical Memory Mapping

This was discoved with DeepZero Tracked as CVE-2026-13585. ASUS has published a vendor advisory with countermeasures. ASUS ships a kernel driver called bsitf.sys with their Business Manager and Software Manager. It creates a device at \\.\bsitf that requires admin to open. IOCTL 0x222808 takes a size from your input buffer, allocates that much physically contiguous kernel memory, maps it into your process, and gives you back the pointer AND the physical address. There’s no validation on the size, no limit on how many allocations you can make, and no input checking at all. ...