PT-2024-9434 · Unknown · Devicemem Server.C
Published
2024-12-02
·
Updated
2025-07-03
·
CVE-2024-43077
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
devicemem server.c (affected versions not specified)
Description:
The issue is related to a possible out of bounds write due to memory corruption in DevmemValidateFlags of devicemem server.c. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The vulnerability is also associated with unsafe privilege management, which could allow an attacker to gain full access to the device.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Privilege Management
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Devicemem Server.C