5.5

CVE-2023-38140

Windows Kernel Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 10 1607 Version < 10.0.14393.6252
MicrosoftWindows 10 1809 Version < 10.0.17763.4851
MicrosoftWindows 10 21h2 Version < 10.0.19044.3448
MicrosoftWindows 10 22h2 Version < 10.0.19045.3448
MicrosoftWindows 11 21h2 Version < 10.0.22000.2416
MicrosoftWindows Server 2016 Version < 10.0.14393.6252
MicrosoftWindows Server 2019 Version < 10.0.17763.4851
MicrosoftWindows Server 2022 Version < 10.0.20348.1970
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.04% 0.594
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secure@microsoft.com 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38140
Patch
Vendor Advisory
http://packetstormsecurity.com/files/175108/Microsoft-Windows-Kernel-Paged-Pool-Memory-Disclosure.html
Third Party Advisory
VDB Entry