CVE-2024-45546

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 6, 2025
Updated: Jan 13, 2025
CWE ID 125
CWE ID 126

Summary

CVE-2024-45546 is a newly identified vulnerability that affects the handling of FIPS encryption or decryption IOCTL calls in user-space. This issue results in memory corruption, potentially allowing an attacker to execute arbitrary code on the targeted system. The vulnerability could be exploited through specially crafted input, posing a significant risk to system security. The precise cause of the memory corruption has yet to be determined, but it is advised that affected systems are updated with the appropriate security patches as soon as they become available. Failure to address this vulnerability could result in unauthorized access, data theft, or denial-of-service attacks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share