CVE-2024-20698

HIGH

Windows Kernel - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-20698. PoCs published by RomanRybachek.

AI-analyzed exploit summary This repository contains a functional DoS exploit for CVE-2024-20698, targeting an integer overflow in the `WbAddLookupEntryEx` function in `ntoskrnl.exe`. The exploit spawns a large number of processes to trigger the overflow, leading to memory corruption and system instability.

Description

Windows Kernel Elevation of Privilege Vulnerability

Exploits (1)

nomisec WORKING POC 50 stars
by RomanRybachek · poc
https://github.com/RomanRybachek/CVE-2024-20698

This repository contains a functional DoS exploit for CVE-2024-20698, targeting an integer overflow in the `WbAddLookupEntryEx` function in `ntoskrnl.exe`. The exploit spawns a large number of processes to trigger the overflow, leading to memory corruption and system instability.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Windows (ntoskrnl.exe)
No auth needed
Prerequisites: Ability to execute processes on the target system
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0865
EPSS Percentile 94.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-190
Status published
Products (9)
microsoft/windows_10_1809 < 10.0.17763.5329
microsoft/windows_10_21h2 < 10.0.19044.3930
microsoft/windows_10_22h2 < 10.0.19045.3930
microsoft/windows_11_21h2 < 10.0.22000.2713
microsoft/windows_11_22h2 < 10.0.22621.3007
microsoft/windows_11_23h2 < 10.0.22631.3007
microsoft/windows_server_2019 < 10.0.17763.5329
microsoft/windows_server_2022 < 10.0.20348.2227
microsoft/windows_server_2022_23h2 < 10.0.25398.643
Published Jan 09, 2024
Tracked Since Feb 18, 2026