CVE-2024-38080 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Microsoft Windows Hyper-V Privilege Escalation Vulnerability

Exploit added

July 9, 2024

Action due

July 30, 2024

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Windows Hyper-V Elevation of Privilege Vulnerability

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38080

Weakness Enumeration

CWE-ID	CWE Name
CWE-190	Integer Overflow or Wraparound

Known Affected Software Configurations

cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.709:::::::*
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.3007::::::x64:
cpe:2.3:o:microsoft:windows_11_21h2:10.0.22000.2713::::::x64:
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2227:::::::*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.643:::::::*
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.3007:::::::*
cpe:2.3:o:microsoft:windows_11_21h2:10.0.22000.2713::::::arm64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.3007::::::arm64:
cpe:2.3:o:microsoft:windows_server_2022:10.0.25398.643:::::::*
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.3007::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.3007::::::arm64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.531::::::x64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.521::::::x64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.584::::::x64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:-::::::x64:
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1194::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1487::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1249::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1368::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.405::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1970::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1607::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1070::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2159::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1726::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1006::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1487::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.261::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1607::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1850::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1850::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1131::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.407::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1787::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1726::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1131::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.380::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1249::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1850::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.405::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1194::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.380::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.320::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2159::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1251::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1668::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1366::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1006::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2113::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.288::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2113::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1006::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1311::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2031::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1249::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1366::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.350::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.288::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.261::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1070::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.320::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1906::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1311::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.407::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1906::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1487::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.320::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1251::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1906::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1070::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.469::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1787::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2159::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1129::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.380::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1129::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1787::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2031::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1251::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1368::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1607::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1368::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.350::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1726::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1970::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.469::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1131::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1668::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1366::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2031::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2113::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1970::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1129::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1194::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.288::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1311::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1668::::azure::x64:*

Details

Source:
NVD

Published:
July 9, 2024

Updated:
July 10, 2024

Risk information

CVSS v3

Base score:
7.8

Severity:

HIGH

Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined