Improper Input Validation Vulnerability in Velocidex WinPmem
CVE-2024-10972

7.3HIGH

Key Information:

Vendor: Velocidex
Status: Winpmem
Vendor: CVE Published:; 16 December 2024

Summary

CVE-2024-10972 is a high-severity vulnerability found in Velocidex WinPmem versions prior to 4.1. This flaw stems from improper input validation, allowing attackers to directly communicate with the driver through the "\.\pmem" device interface. By exploiting this vulnerability, they can initiate device operations using IOCTL calls, which may lead to unauthorized access or control over sensitive system functions. Users are strongly urged to upgrade to version 4.1 or later to mitigate the risks associated with this vulnerability.

Affected Version(s)

WinPmem <= 4.1

References

https://github.com/Velocidex/WinPmem/releases/tag/v4.1.dev1

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 16, 2024
Vulnerability Reserved
Nov 7, 2024

Credit

We thank David Baptiste from the ERNW Vulnerability Disclosure Team for responsibly disclosing this issue.