CVE-2024-30088
Windows Kernel Elevation of Privilege Vulnerability
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- March 22, 2024
- Published Date
- June 11, 2024
- Last Updated
- December 31, 2024
- Vendor
- Microsoft
- Product
- Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)
- Description
- Windows Kernel Elevation of Privilege Vulnerability
CVSS Scores
CVSS v3.1
7.0 - HIGH
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
SSVC Information
- Exploitation
- active
- Technical Impact
- total
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2024-10-15 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
Zombie-Kaiser/CVE-2024-30088-Windows-poc
Type: github • Created: 2024-07-05 16:02:56 UTC • Stars: 37
该漏洞存在于 NtQueryInformationToken 函数中,特别是在处理AuthzBasepCopyoutInternalSecurityAttributes 函数时,该漏洞源于内核在操作对象时对锁定机制的不当管理,这一失误可能导致恶意实体意外提升权限。
NextGenPentesters/CVE-2024-30088-
Type: github • Created: 2024-06-27 07:05:46 UTC • Stars: 6
🆘New Windows Kernel Priviledge Escalation Vulnerability
tykawaii98/CVE-2024-30088
Type: github • Created: 2024-06-24 10:37:26 UTC • Stars: 249