Unexpected IRP Complete Requests Lead to Local Denial of Service Vulnerability in Microsoft High Definition Audio Bus Driver

CVE-2024-45383

5MEDIUM

Key Information

Vendor
Microsoft
Status
Hdaudbus.sys
Vendor
CVE Published:
12 September 2024

Badges

👾 Exploit Exists🔴 Public PoC📰 News Worthy

Summary

The vulnerability CVE-2024-45383 affects the Microsoft High Definition Audio Bus Driver version 10.0.19041.3636, allowing attackers to issue multiple IRP Complete requests to cause a local denial-of-service. The vulnerability has been exploited and can be triggered by executing a malicious script or application. This vulnerability can potentially impact users of the affected driver and poses a risk of system disruption. There is no specific mention of ransomware groups exploiting this vulnerability.

Affected Version(s)

HDAudBus.sys = 10.0.19041.3636 (WinBuild.160101.0800)

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

CVE-2024-45383 : MICROSOFT HIGH DEFINITION AUDIO BUS DRIVER 10.0.19041.3636 IRP HDAUDBUS_DMA RESOURCE CONTROL - Cloud WAF

CVE-2024-45383 : A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800).

3 months ago

Refferences

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🔴

    Public PoC available

  • 👾

    Exploit known to exist

  • First article discovered by prophaze.com

  • Vulnerability published

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)1 News Article(s)

Credit

Discovered by Marcin 'Icewall' Noga of Cisco Talos.
.