CVE-2024-45383

2024-09-1219:15:04

CWE-664

[email protected]

web.nvd.nist.gov

mishandling vulnerability

irp requests

microsoft audio driver

denial-of-service

specially crafted application

local attack

malicious script

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

18.0%

JSON

A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). A specially crafted application can issue multiple IRP Complete requests which leads to a local denial-of-service. An attacker can execute malicious script/application to trigger this vulnerability.

Affected configurations

Nvd

Node

microsofthigh_definition_audio_bus_driverMatch10.0.19041.3636

VendorProductVersionCPE
microsofthigh_definition_audio_bus_driver10.0.19041.3636cpe:2.3:a:microsoft:high_definition_audio_bus_driver:10.0.19041.3636:*:*:*:*:*:*:*