CVE-2024-13614
MEDIUMKaspersky Anti-Virus SDK for Windows < 8.10.1.1943 - Authenticated Integer Overflow in Kernel Memory Buffer
Title source: llmDescription
Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, Kaspersky Anti-Ransomware Tool that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buffer. The fix was installed automatically for all Kaspersky Endpoint products.
References (1)
Core 1
Core References
Various Sources vendor-advisory
https://support.kaspersky.com/vulnerability/list-of-advisories/12430#060225
Scores
CVSS v3
5.3
EPSS
0.0012
EPSS Percentile
2.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-190
Status
published
Products (13)
Kaspersky/Kaspersky Anti-Ransomware Tool
Kaspersky/Kaspersky Anti-Virus
Kaspersky/Kaspersky Anti-Virus SDK for Windows
8.10.1.1943
Kaspersky/Kaspersky Anti-Virus SDK for Windows
8.10.1.1943 CF
Kaspersky/Kaspersky Endpoint Security for Windows
Kaspersky/Kaspersky for Windows (Standard, Plus, Premium)
Kaspersky/Kaspersky Free
Kaspersky/Kaspersky Internet Security
Kaspersky/Kaspersky Safe Kids
Kaspersky/Kaspersky Security Cloud
... and 3 more
Published
Feb 06, 2025
Tracked Since
Feb 18, 2026