Out-of-bounds Read (CWE-125)
The Windows Layer-2 Bridge Network Driver is vulnerable to a Denial of Service attack. This vulnerability is classified as an Out-of-bounds Read (CWE-125) issue. The attack vector is an adjacent network; the attack has low complexity and requires neither user interaction nor privileges.
This vulnerability could allow an attacker on an adjacent network to cause a Denial of Service condition, potentially disrupting the availability of the affected Windows system. The attack has a high impact on system availability but does not affect confidentiality or integrity. Given the CVSS base score of 6.5 (Medium severity), it represents a significant risk to system operations.
There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.
A patch for this vulnerability is available. Microsoft released the patch on July 9, 2024.
1. Apply the security update provided by Microsoft as soon as possible.
2. If immediate patching is not feasible, consider implementing network segmentation to restrict access from adjacent networks.
3. Monitor for unusual network activity or system behaviors that might indicate exploitation attempts.
4. Ensure that Windows systems, particularly those with Layer-2 Bridge Network Driver, are included in regular vulnerability assessments and patching cycles.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Detection for the vulnerability has been added to Qualys (92149)
A CVSS base score of 6.5 has been assigned.
NVD published the first details for CVE-2024-38101
Feedly found the first article mentioning CVE-2024-38101.
Feedly estimated the CVSS score as MEDIUM
This CVE started to trend in security discussions
EPSS Score was set to: 0.04% (Percentile: 13%)
This CVE stopped trending in security discussions