CVE-2024-23377
CVSS 3.1 Score 6.7 of 10 (medium)
Details
Summary
CVE-2024-23377 is a newly identified memory-corruption vulnerability in the EVA driver. It arises when a user modifies the packet size of an IOCTL command after system properties have already been sent to the driver; memory corruption then occurs when the IOCTL command is invoked from user space. The vulnerability could potentially be exploited to execute arbitrary code or cause a denial-of-service condition. Users are advised to apply the forthcoming patches to mitigate this issue.