CVE-2024-12668

Name of the Vulnerable Software and Affected Versions Velocidex WinPmem versions below 4.1

Description The issue allows a user space program to trick the driver into writing a 0 into any chosen memory location by using an IO Control. In conjunction with information leakage from the WinPmem driver, attackers can discover the location in memory for the g CiOptions global symbol. This can be leveraged to disable signed driver enforcement on the target system, allowing attackers to load unsigned drivers.

Recommendations For Velocidex WinPmem versions below 4.1, update to version 4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable driver to minimize the risk of exploitation. Avoid using the vulnerable IO Control until the issue is resolved. At the moment, there is no other information about additional mitigation measures.