Exploitation Summary
CVE-2024-21338 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 4, 2024, with confirmed use in ransomware campaigns. EIP tracks 11 public exploits from researchers including Milad karimi, E1 Coders, and hakaioffsec.
AI-analyzed exploit summary: This exploit demonstrates a kernel privilege escalation vulnerability in Microsoft Windows 11 by leveraging the AppLocker driver's IOCTL interface to manipulate kernel structures. It includes functions to locate kernel objects, scan for patterns, and send crafted IOCTL requests to achieve privilege escalation.
Description
Windows Kernel Elevation of Privilege Vulnerability
Exploits (11)
This exploit demonstrates a kernel privilege escalation vulnerability in Microsoft Windows 11 by leveraging the AppLocker driver's IOCTL interface to manipulate kernel structures. It includes functions to locate kernel objects, scan for patterns, and send crafted IOCTL requests to achieve privilege escalation.
The provided code is a Metasploit module template that lacks specific exploit logic for CVE-2024-21338. It references a generic 'FooBar' service and does not include technical details or functional exploit code for the vulnerability.
This repository contains a functional local privilege escalation (LPE) exploit for CVE-2024-21338, targeting Windows 10/11 with HVCI enabled. The exploit manipulates tokens to escalate from admin to kernel privileges, as evidenced by the detailed token manipulation and impersonation logic in the provided C++ code.
This repository contains a functional local privilege escalation (LPE) exploit for CVE-2024-21338, targeting a vulnerability in the Windows AppLocker driver (appid.sys). The exploit manipulates kernel memory to escalate privileges to SYSTEM by overwriting the token of the current process.
This repository contains a functional exploit PoC for CVE-2024-21338, targeting a Windows kernel vulnerability. The code demonstrates a local privilege escalation (LPE) by manipulating kernel structures to escalate privileges to SYSTEM.
The repository contains only a README.md file with minimal information about CVE-2024-21338, describing it as a local privilege escalation vulnerability on Windows 10/11 with HVCI enabled. No exploit code, technical details, or proof-of-concept is provided.
This repository contains a functional exploit for CVE-2024-21338, demonstrating a kernel configuration bypass via IOCTL manipulation to achieve local privilege escalation. The code leverages NtDeviceIoControlFile to overwrite a kernel pointer with a gadget address, leading to arbitrary code execution in kernel mode.
This repository contains a functional proof-of-concept exploit for CVE-2024-21338, a local privilege escalation vulnerability on Windows 10 and 11 with HVCI enabled. The exploit manipulates tokens to escalate from admin to kernel privileges, as evidenced by the detailed token manipulation code in the provided files.
This repository contains a functional exploit for CVE-2024-21338, demonstrating a local privilege escalation (LPE) vulnerability in Windows 10 22H2. The exploit leverages a race condition in the AppId driver to overwrite kernel memory, ultimately escalating privileges to SYSTEM by stealing the system process token.
This repository contains a functional exploit for CVE-2024-21338, targeting a local privilege escalation vulnerability in Windows via the AppID driver. The exploit includes token manipulation and process impersonation to achieve SYSTEM-level privileges.
This repository contains a functional exploit PoC for CVE-2024-21338, targeting a Windows kernel vulnerability. The code demonstrates a local privilege escalation (LPE) by manipulating kernel objects and leveraging a vulnerable callback mechanism in the Windows AppIDSvc service.
References (5)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H