CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
CVE-2024-38159 | Windows Network Virtualization Remote Code Execution Vulnerability | Windows 10 | Critical | 10-09-2024 |
Technical Information
The attacker may able to perform unauthorized memory writes or even free mermory blocks in use by manipulating the content of Memory Descriptor List (MDL) due to unchecked return value in wnv.sys component of Windows Server 2016. This could lead to guest-to-host escape.
Patch release date: Aug 13, 2024
Further information on this vulnerability is available at : CVE-2024-38159
Affected Software
Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,
Windows Server 2016,
Windows Server 2016 (Server Core installation)