CVE-2024-38080

Warning

EPSS 21.97%
Published 09.07.2024 17:15:43
Last modified 27.01.2025 21:35:27
Source secure@microsoft.com
Teams watchlist Login
Open Login

Windows Hyper-V Elevation of Privilege Vulnerability

Affected products Warnungen 1 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows 11 21h2 Version < 10.0.22000.3079

Microsoft ≫ Windows 11 22h2 Version < 10.0.22621.3880

Microsoft ≫ Windows 11 23h2 Version < 10.0.22631.3880

Microsoft ≫ Windows Server 2022 Version < 10.0.20348.2582

Microsoft ≫ Windows Server 2022 23h2 Version < 10.0.25398.1009

09.07.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Windows Hyper-V Privilege Escalation Vulnerability

Vulnerability

Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	21.97%	0.956

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secure@microsoft.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38080

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-38080

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38080

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38080

EUVD