We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-10972

WinPmem Improper Input Validation vulnerability



Description

Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode application. This is due to verification only being performed at the beginning of the routine allowing the userspace to change page permissions half way through the routine.  A valid workaround is a rule to detect unauthorized loading of winpmem outside incident response operations.

Reserved 2024-11-07 | Published 2024-12-16 | Updated 2024-12-16 | Assigner rapid7


HIGH: 7.3CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unaffected

<= 4.1
affected

Credits

We thank David Baptiste from the ERNW Vulnerability Disclosure Team for responsibly disclosing this issue. reporter

References

github.com/Velocidex/WinPmem/releases/tag/v4.1.dev1

cve.org (CVE-2024-10972)

nvd.nist.gov (CVE-2024-10972)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-10972

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.