CVE-2024-45547

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 6, 2025
Updated: Jan 13, 2025
CWE ID 120

Summary

CVE-2024-45547 refers to a memory corruption vulnerability that can be exploited when processing an IOCTL (Input/Output Control) call from user-space. This vulnerability affects the verification of non-extension FIPS (Federal Information Processing Standards) encryption and decryption functionality. Successful exploitation could allow an attacker to corrupt memory, potentially leading to arbitrary code execution or system crashes. This vulnerability poses a significant risk, particularly in environments where user-space IOCTL calls are commonly used, and appropriate mitigations should be applied promptly.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share