CVE-2024-38410

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 4, 2024
Updated: Nov 7, 2024
CWE ID 121
CWE ID 787

Summary

CVE-2024-38410 is a newly identified memory corruption vulnerability. It occurs when IOCLT, or Input-Output Control Layer Transport, is called on a device that is in an invalid state. As a result, the WMI command buffer may be freed twice, leading to unintended memory manipulation. This issue can potentially be exploited by attackers to execute arbitrary code or cause denial-of-service conditions. Devices and systems using the affected IOCLT implementation are at risk. It is recommended that affected organizations apply the forthcoming patch as soon as it becomes available to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share