SecuriTricks - CVE-2024-38246

Description

Win32k Elevation of Privilege Vulnerability

Product(s) Impacted

Vendor	Product	Versions
Microsoft	Windows 10 21h2 Windows 10 22h2 Windows 11 21h2 Windows 11 22h2 Windows 11 23h2 Windows 11 24h2 Windows Server 2022 Windows Server 2022 23h2	* * * * * * * *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	microsoft	windows_10_21h2	/	/	/	/	/	/	/	/
o	microsoft	windows_10_22h2	/	/	/	/	/	/	arm64	/
o	microsoft	windows_10_22h2	/	/	/	/	/	/	x64	/
o	microsoft	windows_10_22h2	/	/	/	/	/	/	x86	/
o	microsoft	windows_11_21h2	/	/	/	/	/	/	/	/
o	microsoft	windows_11_22h2	/	/	/	/	/	/	/	/
o	microsoft	windows_11_23h2	/	/	/	/	/	/	arm64	/
o	microsoft	windows_11_23h2	/	/	/	/	/	/	x64	/
o	microsoft	windows_11_24h2	/	/	/	/	/	/	arm64	/
o	microsoft	windows_11_24h2	/	/	/	/	/	/	x64	/
o	microsoft	windows_server_2022	/	/	/	/	/	/	/	/
o	microsoft	windows_server_2022_23h2	/	/	/	/	/	/	/	/

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38246

CVSS Score

7.0 / 10

CVSS Data

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

View Vector String

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Date

Published: Sept. 10, 2024, 5:15 p.m.
Last Modified: Sept. 17, 2024, 4:33 p.m.

Status : Analyzed

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

secure@microsoft.com

CVE-2024-38246