CVE-2024-21338

CVE Published	2024-02-13
Related CWE(s)	CWE-822: Untrusted Pointer Dereference
Related Vendor(s)	microsoft
Related Product(s)	windows_10_21h2, windows_10_1809, windows_11_23h2, windows_11_21h2, windows_server_2022, windows_11_22h2, windows_server_2019, windows_10_22h2, windows_server_2022_23h2
Exploitation Reported (CISA KEV)	2024-03-04
CVSS 3 Base Score	7.8 (HIGH)
CVSS 3 Attack Complexity	LOW
CVSS 3 Attack Vector	LOCAL

Windows Kernel Elevation of Privilege Vulnerability

Cyber Threat Graph Context

Explore how this CVE relates to the wider threat graph

Associated CAPEC Patterns

Pointer Manipulation (CAPEC-129)

This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.

References

CVE.org

View more information about CVE-2024-21338 on the official MITRE CVE website.

NIST National Vulnerability Database

CVE-2024-21338 on the NIST NVD.

CISA Known Exploited Vulnerabilities