CVE-2024-11616

Name of the Vulnerable Software and Affected Versions Netskope Endpoint DLP versions prior to R119

Description A security issue arises from a double-fetch problem in the Content Control Driver of Netskope Endpoint DLP, leading to a heap overflow. This occurs because the NumberOfBytes argument to ExAllocatePoolWithTag and the Length argument for RtlCopyMemory both independently dereference their value from the user-supplied input buffer inside the EpdlpSetUsbAction function. If the length value increases between these two calls, it results in the RtlCopyMemory call copying user-supplied memory contents outside the allocated buffer, causing a heap overflow. An attacker needs admin privileges to exploit this issue.

Recommendations For versions prior to R119, update to version R119 or later to resolve the issue. As a temporary workaround, consider restricting access to the EpdlpSetUsbAction function until a patch is available. Additionally, ensure that only trusted users have admin privileges to minimize the risk of exploitation.