A newly found vulnerability, recognized as CVE-2024-6768, has surfaced within the Frequent Log File System (CLFS.sys) driver of Home windows.
This difficulty, recognized by Fortra cybersecurity researcher, Ricardo Narvaja, highlights a flaw that might enable an unprivileged person to trigger a system crash, leading to Blue Display screen of Demise (BSOD).
The vulnerability exists resulting from improper enter information validation, resulting in an unrecoverable system state.
The affected CLFS.sys driver is integral to Home windows 10 and Home windows 11 working techniques, which means all variations of those working techniques are prone, no matter updates.
Overview of CVE-2024-6768 Vulnerability in Home windows CLFS.sys Driver
The flaw permits a crafted worth in a selected log file format, resembling a .BLF file, to take advantage of the system and pressure it right into a crash. The exploit is straightforward to execute with low privileges and doesn’t require person interplay.
Narvaja stated the vulnerability poses a major danger as it could result in system instability and denial of service (DoS) assaults. An attacker might exploit this flaw to repeatedly crash affected techniques, doubtlessly inflicting information loss and disruption to operations.
The researcher reported the vulnerability and documented the method of reproducing the crash, together with making a Proof of Content material (PoC) vector.
CVE-2024-6768 is classed with a CVSS base rating of 6.8, indicating a medium severity degree. The vulnerability is categorized below the Frequent Weak point Enumeration (CWE) as ‘Improper Validation of Specified Amount in Enter’ (CWE-1284).
The assault vector is native, which means it have to be executed on the system itself, and the assault complexity is low, making it accessible for much less expert attackers.
The exploit takes benefit of a selected offset inside the CLFS shopper context construction. When executed, PoC exploits the vulnerability, manipulating the system into an unrecoverable state that triggers the KeBugCheckEx perform name, a core Home windows mechanism designed to deal with important errors.
This name leads to the BSoD, which forces the system to restart. The vulnerability’s simplicity and the potential for repeated exploitation make it a vital concern for organizations counting on Home windows techniques.
Learn extra on the BSoD: CrowdStrike Home windows Outage: What We Can Be taught
Narvaja inspired researchers and professionals to maintain techniques up to date and monitor for uncommon exercise to scale back the chance of exploitation.
