CVE-2024-23377

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Nov 4, 2024
Updated: Nov 7, 2024
CWE ID 823

Summary

CVE-2024-23377 is a newly identified vulnerability that affects the EVA driver. The issue arises when a user modifies the packet size of an IOCTL command after system properties have already been sent to the driver; memory corruption then occurs when the IOCTL command is invoked from user space. The vulnerability could be exploited to execute arbitrary code or cause a denial-of-service condition, posing a significant risk to the affected system. Users are advised to apply the forthcoming patches to mitigate this issue.
