Unexpected IRP Complete Requests Lead to Local Denial of Service Vulnerability in Microsoft High Definition Audio Bus Driver
CVE-2024-45383
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 12 September 2024
Badges
What is CVE-2024-45383?
The vulnerability CVE-2024-45383 affects the Microsoft High Definition Audio Bus Driver version 10.0.19041.3636, allowing attackers to issue multiple IRP Complete requests to cause a local denial-of-service. The vulnerability has been exploited and can be triggered by executing a malicious script or application. This vulnerability can potentially impact users of the affected driver and poses a risk of system disruption. There is no specific mention of ransomware groups exploiting this vulnerability.
Affected Version(s)
HDAudBus.sys 10.0.19041.3636 (WinBuild.160101.0800)
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
prophaze.comCVE-2024-45383CVE-2024-45383 : MICROSOFT HIGH DEFINITION AUDIO BUS DRIVER 10.0.19041.3636 IRP HDAUDBUS_DMA RESOURCE CONTROL - Cloud WAF
CVE-2024-45383 : A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800).
References
EPSS Score
9% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
- 📰
First article discovered by prophaze.com
Vulnerability published