ACL Bypass Vulnerability in RTCore64.sys Driver Affects MSI Afterburner v4.6.6.16381 Beta 3
CVE-2024-3745

7.8HIGH

Key Information:

Vendor: Msi
Status: Msi Afterburner
Vendor: CVE Published:; 18 May 2024

What is CVE-2024-3745?

MSI Afterburner v4.6.6.16381 Beta 3 contains an ACL Bypass vulnerability within its RTCore64.sys driver that can be exploited by low-privileged users. This flaw allows attackers to trigger other vulnerabilities such as CVE-2024-1443 and CVE-2024-1460, potentially leading to broader access and control over affected systems. Users are advised to review patches and mitigations to protect their systems from possible exploitation.

Affected Version(s)

MSI Afterburner Windows 4.6.6.16381 Beta 3

References

https://fluidattacks.com/advisories/gershwin/

third-party-advisory

https://forums.guru3d.com/threads/msi-ab-rtss-development...

patch

https://forums.guru3d.com/threads/msi-ab-rtss-development...

release-notes

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 18, 2024
Vulnerability Reserved
Apr 12, 2024

Msi

What is CVE-2024-3745?

Affected Version(s)

References

CVSS V3.1

Timeline