Null Pointer Dereference in Windows Kernel Memory Affects Microsoft Products
CVE-2025-24997

4.4MEDIUM

Key Information:

Vendor: Microsoft
Status: Windows Server 2022; Windows 10 Version 21h2; Windows 11 Version 22h2; Windows 10 Version 22h2
Vendor: CVE Published:; 11 March 2025

Summary

A null pointer dereference vulnerability in Windows Kernel Memory may allow an authenticated attacker to cause a local denial of service. This issue can disrupt system functionality, leading to application crashes and operational instability. Users are encouraged to apply any available security updates from Microsoft to mitigate the risks associated with this vulnerability.

Affected Version(s)

Windows 10 Version 21H2 32-bit Systems 10.0.19043.0 < 10.0.19044.5608

Windows 10 Version 22H2 x64-based Systems 10.0.19045.0 < 10.0.19045.5608

Windows 11 version 22H2 ARM64-based Systems 10.0.22621.0 < 10.0.22621.5039

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Jan 30, 2025