CVE-2024-10972
CVSS V2 None
CVSS V3 None
Description
Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode application. This is due to verification only being performed at the beginning of the routine allowing the userspace to change page permissions half way through the routine. A valid workaround is a rule to detect unauthorized loading of winpmem outside incident response operations.
Overview
- CVE ID
- CVE-2024-10972
- Assigner
- rapid7
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-12-16T14:49:07.294Z
- Last Modified Date
- 2024-12-16T15:58:46.687Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/Velocidex/WinPmem/releases/tag/v4.1.dev1 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-10972 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10972 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-12-17 13:27:12 | Added to TrackCVE |