Description
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Reserved 2024-10-11 | Published 2024-12-10 | Updated 2024-12-20 | Assigner
microsoftHIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CISA Known Exploited Vulnerability
Date added 2024-12-10 | Due date 2024-12-31
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Problem types
CWE-122: Heap-based Buffer Overflow
Product status
10.0.17763.0 before 10.0.17763.6659
affected
10.0.17763.0 before 10.0.17763.6659
affected
10.0.17763.0 before 10.0.17763.6659
affected
10.0.20348.0 before 10.0.20348.2966
affected
10.0.19043.0 before 10.0.19044.5247
affected
10.0.22621.0 before 10.0.22621.4602
affected
10.0.19045.0 before 10.0.19045.5247
affected
10.0.26100.0 before 10.0.26100.2605
affected
10.0.22631.0 before 10.0.22631.4602
affected
10.0.22631.0 before 10.0.22631.4602
affected
10.0.25398.0 before 10.0.25398.1308
affected
10.0.26100.0 before 10.0.26100.2605
affected
10.0.26100.0 before 10.0.26100.2605
affected
10.0.10240.0 before 10.0.10240.20857
affected
10.0.14393.0 before 10.0.14393.7606
affected
10.0.14393.0 before 10.0.14393.7606
affected
10.0.14393.0 before 10.0.14393.7606
affected
6.0.6003.0 before 6.0.6003.23016
affected
6.0.6003.0 before 6.0.6003.23016
affected
6.0.6003.0 before 6.0.6003.23016
affected
6.1.7601.0 before 6.1.7601.27467
affected
6.1.7601.0 before 6.1.7601.27467
affected
6.2.9200.0 before 6.2.9200.25222
affected
6.2.9200.0 before 6.2.9200.25222
affected
6.3.9600.0 before 6.3.9600.22318
affected
6.3.9600.0 before 6.3.9600.22318
affected
References
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49138 (Windows Common Log File System Driver Elevation of Privilege Vulnerability) vendor-advisory
cve.org (CVE-2024-49138)
nvd.nist.gov (CVE-2024-49138)
Download JSON
Subscribe to our newsletter to learn more about our work.
