Unexpected IRP Complete Requests Lead to Local Denial of Service Vulnerability in Microsoft High Definition Audio Bus Driver
CVE-2024-45383
Key Information
- Vendor
- Microsoft
- Status
- Hdaudbus.sys
- Vendor
- CVE Published:
- 12 September 2024
Badges
Summary
The vulnerability CVE-2024-45383 affects the Microsoft High Definition Audio Bus Driver version 10.0.19041.3636, allowing attackers to issue multiple IRP Complete requests to cause a local denial-of-service. The vulnerability has been exploited and can be triggered by executing a malicious script or application. This vulnerability can potentially impact users of the affected driver and poses a risk of system disruption. There is no specific mention of ransomware groups exploiting this vulnerability.
Affected Version(s)
HDAudBus.sys = 10.0.19041.3636 (WinBuild.160101.0800)
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
CVE-2024-45383 : MICROSOFT HIGH DEFINITION AUDIO BUS DRIVER 10.0.19041.3636 IRP HDAUDBUS_DMA RESOURCE CONTROL - Cloud WAF
CVE-2024-45383 : A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800).
3 months ago
Refferences
CVSS V3.1
Timeline
- 🔴
Public PoC available
- 👾
Exploit known to exist
First article discovered by prophaze.com
Vulnerability published