Denial of Service in CLFS.sys

FR-2024-001 - Denial of Service in CLFS.sys

Severity: Medium
Published Date: 12-Aug-2024
Updated Date: 12-Aug-2024
Vulnerabilities: CVE-2024-6768
Description

A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.

Vulnerabilities

Denial of Service in CLFS.sys
Severity: Medium
CVE: CVE-2024-6768
CWE: CWE-1284: Improper Validation of Specified Quantity in Input
Discovery Date: 19-Dec-2023
CVSS v3.1: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Products: Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022

Timeline

  • December 20, 2023 – Reported to Microsoft with a Proof-of-Concept exploit.
  • January 8, 2024 – Microsoft responded that their engineers could not reproduce the vulnerability.
  • January 12, 2024 – Fortra provided a screenshot showing a version of Windows running the January Patch Tuesday updates and a memory dump of the crash.
  • February 21, 2024 – Microsoft replied that they still could not reproduce the issue and they were closing the case.
  • February 28, 2024 – Fortra reproduced the issue again with the February Patch Tuesday updates installed and provided additional evidence, including a video of the crash condition.
  • June 19, 2024 – Fortra followed up to say that it intended to pursue a CVE and publish its research.
  • July 16, 2024 – Fortra shared that it had reserved CVE-2024-6768 and would be publishing soon.
  • August 8, 2024 – Reproduced on latest updates (July 2024 Patch Tuesday) of Windows 11 and Server 2022 to produce screenshots to share with media.
  • August 12, 2024 – CVE publication date.

Acknowledgements

Fortra would like to thank the following individuals:

  • Ricardo Narvaja, Fortra