module
Windows Kernel Time of Check Time of Use LPE in AuthzBasepCopyoutInternalSecurityAttributes
| Disclosed |
|---|
| Jun 11, 2024 |
Description
CVE-2024-30088 is a Windows Kernel Elevation of Privilege Vulnerability which affects many recent versions of Windows 10,
Windows 11 and Windows Server 2022.
The vulnerability exists inside the function `AuthzBasepCopyoutInternalSecurityAttributes`, specifically when
the kernel copies the `_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION` of the current token object to user mode. When the
kernel performs the copy of the `SecurityAttributesList`, it sets up the list of `SecurityAttribute` structures
directly at the user-supplied pointer. It then calls `RtlCopyUnicodeString` and
`AuthzBasepCopyoutInternalSecurityAttributeValues` to copy out the names and values of the `SecurityAttribute`, leading
to multiple Time Of Check Time Of Use (TOCTOU) vulnerabilities in the function.
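
The copy-out pattern described above, reduced to a user-space simulation for code review purposes. This is an added example, not Windows code or code from this module: the descriptor layout is a simplified stand-in for a counted string, and every function and variable name is hypothetical. The unsafe variant reads the destination descriptor back from caller-writable memory, while the hardened variant keeps it in a private local and publishes it last.

```c
/* Added illustration: user-space simulation; every name here is hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef struct { uint16_t len, max_len; char *buf; } ustr_t; /* simplified counted-string descriptor */
typedef void (*writer_t)(ustr_t *shared);   /* stands in for a concurrent user-mode write */

/* Copies into whatever buffer the destination descriptor currently names. */
static void copy_str(ustr_t *dst, const char *src, uint16_t n) {
    uint16_t c = n < dst->max_len ? n : dst->max_len;
    memcpy(dst->buf, src, c);
    dst->len = c;
}

/* Unsafe: the descriptor is built in caller-writable memory and read back for the copy. */
int copyout_unsafe(void *out, size_t out_len, const char *name, uint16_t n, writer_t w) {
    if (out_len < sizeof(ustr_t) + n) return -1;
    ustr_t *d = out;
    d->len = 0; d->max_len = n; d->buf = (char *)out + sizeof(ustr_t);
    if (w) w(d);               /* window between set-up and use */
    copy_str(d, name, n);      /* trusts d->buf a second time */
    return 0;
}

/* Hardened: the destination stays in a private local; the descriptor is published last. */
int copyout_safe(void *out, size_t out_len, const char *name, uint16_t n, writer_t w) {
    if (out_len < sizeof(ustr_t) + n) return -1;
    ustr_t local = { 0, n, (char *)out + sizeof(ustr_t) };
    if (w) w(out);             /* same interference, but nothing reads it back */
    copy_str(&local, name, n);
    memcpy(out, &local, sizeof local);
    return 0;
}

static char outside[8];        /* constructed: memory that is not part of the output buffer */
static void repoint(ustr_t *shared) { shared->buf = outside; }

/* Returns 1 when the copy landed outside the output buffer, 0 otherwise. */
int wrote_outside(int use_safe) {
    union { ustr_t d; char bytes[64]; } out;   /* union keeps the buffer aligned for ustr_t */
    memset(outside, 0, sizeof outside);
    (use_safe ? copyout_safe : copyout_unsafe)(&out, sizeof out, "ATTR", 4, repoint);
    return outside[0] != 0;
}

int main(void) { return !(wrote_outside(0) == 1 && wrote_outside(1) == 0); }
```

In review, the thing to flag is any helper that takes a destination descriptor located in memory the caller can still write to.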