Kernel Memory Buffer Vulnerability in Kaspersky Products
CVE-2024-13614

5.3MEDIUM

Key Information:

Vendor: Kaspersky
Status: Kaspersky Anti-virus Sdk For Windows; Kaspersky Security For Virtualization Light Agent; Kaspersky Endpoint Security For Windows; Kaspersky Small Office Security
Vendor: CVE Published:; 6 February 2025

Badges

👾 Exploit Exists

Summary

Kaspersky has identified a memory corruption vulnerability across multiple products that allows an authenticated attacker to overwrite data beyond a designated kernel memory buffer, potentially compromising system integrity. The issue has been addressed through automatic updates for all Kaspersky Endpoint products to ensure seamless protection for users.

Affected Version(s)

Kaspersky Anti-Virus SDK for Windows 8.10.1.1943

Kaspersky Anti-Virus SDK for Windows 8.10.1.1943 CF

Kaspersky Security for Virtualization Light Agent 5.2 < 5.2.27.319

References

https://support.kaspersky.com/vulnerability/list-of-advis...

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Feb 6, 2025
Vulnerability published
Feb 6, 2025
Vulnerability Reserved
Jan 22, 2025

Credit

Florian Schweins