Unexpected IRP Complete Requests Lead to Local Denial of Service Vulnerability in Microsoft High Definition Audio Bus Driver

CVE-2024-45383

5MEDIUM

Key Information

Vendor: Microsoft
Status: Hdaudbus.sys
Vendor: CVE Published:; 12 September 2024

Badges

👾 Exploit Exists🔴 Public PoC📰 News Worthy

Summary

The vulnerability CVE-2024-45383 affects the Microsoft High Definition Audio Bus Driver version 10.0.19041.3636, allowing attackers to issue multiple IRP Complete requests to cause a local denial-of-service. The vulnerability has been exploited and can be triggered by executing a malicious script or application. This vulnerability can potentially impact users of the affected driver and poses a risk of system disruption. There is no specific mention of ransomware groups exploiting this vulnerability.

Affected Version(s)

HDAudBus.sys = 10.0.19041.3636 (WinBuild.160101.0800)

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-45383
Created by SpiralBL0CK

News Articles

prophaze.com

CVE-2024-45383

CVE-2024-45383 : MICROSOFT HIGH DEFINITION AUDIO BUS DRIVER 10.0.19041.3636 IRP HDAUDBUS_DMA RESOURCE CONTROL - Cloud WAF

CVE-2024-45383 : A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800).

2 months ago

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit exists.
Sep 19, 2024
First article discovered by prophaze.com
Sep 13, 2024
Vulnerability published.
Sep 12, 2024

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)1 News Article(s)

Credit

Discovered by Marcin 'Icewall' Noga of Cisco Talos.