CVE-2024-10972

Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode application. This is due to verification only being performed at the beginning of the routine allowing the userspace to change page permissions half way through the routine. A valid workaround is a rule to detect unauthorized loading of winpmem outside incident response operations.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 5.3

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/Velocidex/WinPmem/releases/tag/v4.1.dev1

Configurations

No configuration.

History

05 Sep 2025, 09:15

Type	Values Removed	Values Added
CWE	~~CWE-20~~	CWE-367

16 Dec 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-16 15:15

Updated : 2025-09-05 09:15

NVD link : CVE-2024-10972

Mitre link : CVE-2024-10972

CVE.ORG link : CVE-2024-10972

JSON object : View

Products Affected

No product.

CWE

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

7.3 /10