CVE-2024-45383

Sept. 18, 2024, 8:24 p.m.

5.0
Medium

Description

A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). A specially crafted application can issue multiple IRP Complete requests which leads to a local denial-of-service. An attacker can execute malicious script/application to trigger this vulnerability.

Product(s) Impacted

Vendor Product Versions
Microsoft
  • High Definition Audio Bus Driver
  • 10.0.19041.3636

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-664
Improper Control of a Resource Through its Lifetime
The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a microsoft high_definition_audio_bus_driver 10.0.19041.3636 / / / / / / /

References

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2008

Tags

talos-cna@cisco.com
CWE-664
2024-09-12
CVE-2024-45383

CVSS Score

5.0 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: Sept. 12, 2024, 7:15 p.m.
Last Modified: Sept. 18, 2024, 8:24 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

talos-cna@cisco.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.