CVE-2024-45383

A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). A specially crafted application can issue multiple IRP Complete requests which leads to a local denial-of-service. An attacker can execute malicious script/application to trigger this vulnerability.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.3 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2008	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:high_definition_audio_bus_driver:10.0.19041.3636:*:*:*:*:*:*:*

History

18 Sep 2024, 20:24

Type	Values Removed	Values Added
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2024-2008 -~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2024-2008 - Exploit, Third Party Advisory
CPE		cpe:2.3:a:microsoft:high_definition_audio_bus_driver:10.0.19041.3636:::::::*
First Time		Microsoft high Definition Audio Bus Driver Microsoft
Summary		(es) Existe una vulnerabilidad de gestión incorrecta de solicitudes IRP en la interfaz HDAudBus_DMA de Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). Una aplicación especialmente manipulada puede emitir múltiples solicitudes IRP Complete, lo que genera una denegación de servicio local. Un atacante puede ejecutar una aplicación o un script malicioso para activar esta vulnerabilidad.

12 Sep 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-12 19:15

Updated : 2024-09-18 20:24

NVD link : CVE-2024-45383

Mitre link : CVE-2024-45383

CVE.ORG link : CVE-2024-45383

JSON object : View

Products Affected

microsoft

high_definition_audio_bus_driver

CWE

CWE-664

Improper Control of a Resource Through its Lifetime

{"id": "CVE-2024-45383", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.3}, {"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.3}]}, "published": "2024-09-12T19:15:04.010", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2008", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-664"}]}], "descriptions": [{"lang": "en", "value": "A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). A specially crafted application can issue multiple IRP Complete requests which leads to a local denial-of-service. An attacker can execute malicious script/application to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de gesti\u00f3n incorrecta de solicitudes IRP en la interfaz HDAudBus_DMA de Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). Una aplicaci\u00f3n especialmente manipulada puede emitir m\u00faltiples solicitudes IRP Complete, lo que genera una denegaci\u00f3n de servicio local. Un atacante puede ejecutar una aplicaci\u00f3n o un script malicioso para activar esta vulnerabilidad."}], "lastModified": "2024-09-18T20:24:29.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:high_definition_audio_bus_driver:10.0.19041.3636:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B004C4C-CD2A-4CF3-8283-EDA291237B24"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}