CVE-2024-38080
Windows Hyper-V Elevation of Privilege Vulnerability
In short
A security flaw in Windows Hyper-V allows a user with basic computer access to gain higher privileges and control the entire system. This happens because the virtualization software doesn't properly validate certain operations, letting attackers bypass security restrictions.
Technical detail
An integer overflow vulnerability (CWE-190) in Windows Hyper-V allows local privilege escalation when an authenticated user submits specially crafted input to the hypervisor. The vulnerability stems from insufficient validation of input to certain operations, enabling an attacker to execute arbitrary code with system privileges.
Summary generated and translated by AI from the official description.
Windows Hyper-V Elevation of Privilege Vulnerability
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Windows 11 version 21H2
Microsoft · Windows 11 version 22H2
Microsoft · Windows 11 version 22H3
Microsoft · Windows 11 Version 23H2
Microsoft · Windows Server 2022
Microsoft · Windows Server 2022, 23H2 Edition (Server Core installation)
Public PoCs found — 1
github · github.com/pwndorei/CVE-2024-38080 ★ 30
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.