Lucene search

TalosCVELIST:CVE-2024-45383

HistorySep 12, 2024 - 6:19 p.m.

CVE-2024-45383

2024-09-1218:19:23

CWE-664

talos

www.cve.org

vulnerability

irp requests

hdaudbus_dma

denial-of-service

microsoft high definition audio bus driver

winbuild.160101.0800

local

malicious script

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

18.0%

JSON

A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). A specially crafted application can issue multiple IRP Complete requests which leads to a local denial-of-service. An attacker can execute malicious script/application to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "HDAudBus.sys",
    "versions": [
      {
        "version": "10.0.19041.3636 (WinBuild.160101.0800)",
        "status": "affected"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2024-2008

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

18.0%

JSON

Related for CVELIST:CVE-2024-45383