← All drivers
vulnerable
Driver

ace-base.sys

Anti-Cheat Expert (ACE) base kernel driver

From Tencent
Part of the ACE family
Status
On a known-vulnerable list
Known variants
1 distinct hashes
Public CVEs
1
Field notes

ace-base.sys is the kernel half of Anti-Cheat Expert (ACE), Tencent's in-house anti-cheat product line. ACE is the modern continuation of what Tencent originally called TenProtect; the driver loads only while a protected game is running and reaches into kernel-visible state that a user-mode anti-cheat cannot see.

CVE-2024-22830 documents an improper access control flaw in ACE-BASE.sys version 1.0.2202.6217 that allowed a regular local user to escalate to SYSTEM or Protected Process Light. Disclosed in January 2024 and patched by Tencent in later builds.

ACE-protected titles include Delta ForceGameDelta ForceOpen plate → (the competitive FPS), Honor of Kings, Arena Breakout: Infinite, Call of Duty: Mobile (PC client), Wuthering WavesGameWuthering WavesOpen plate →, and Infinity Nikki, plus licensed-out non-Tencent titles such as Cathedral Studios' The Bornless. Note that Marvel RivalsGameMarvel RivalsOpen plate → (NetEase) and Naraka: BladepointGameNaraka: BladepointOpen plate → (24 Entertainment) use NetEase's separate NeacProtect product, which is often confused with ACE but is a different driver from a different vendor.

If you have a current ACE-protected game installed and patched, the driver is expected. If you find ACE-*.sys files on your system after uninstalling every ACE-protected game you have ever played, the kernel service may persist; check Windows services for the ACE service and remove it if you no longer play.

What the record shows

ace-base.sys is listed as a known-vulnerable driver on the public LOLDrivers project. One distinct binary hash matching this filename is on record.

Public CVEs
What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “ace-base.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/ace-base-sys