CVE-2024-21345

HIGH

Windows Server 2022 23H2 < 10.0.25398.709 - Heap-based Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-21345. PoCs published by exploits-forsale, FoxyProxys.

AI-analyzed exploit summary This PoC exploits a race condition in NtQueryInformationThread to manipulate TEB (Thread Environment Block) offsets, potentially leading to arbitrary kernel memory writes. The code uses a high-priority thread to flip TEB offset and read size values during the query, creating a race condition.

Description

Windows Kernel Elevation of Privilege Vulnerability

Exploits (2)

nomisec WORKING POC 77 stars
by exploits-forsale · poc
https://github.com/exploits-forsale/CVE-2024-21345

This PoC exploits a race condition in NtQueryInformationThread to manipulate TEB (Thread Environment Block) offsets, potentially leading to arbitrary kernel memory writes. The code uses a high-priority thread to flip TEB offset and read size values during the query, creating a race condition.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: Windows Kernel (specific version unknown)
No auth needed
Prerequisites: Access to execute code on the target system
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec SUSPICIOUS
by FoxyProxys · poc
https://github.com/FoxyProxys/CVE-2024-21345

The repository contains a vague README with no technical details, no exploit code, and makes unrealistic claims about kernel exploitation. It lacks any substantive information about the vulnerability or proof-of-concept code.

Classification
Suspicious 90%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: unspecified
No auth needed
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.2024
EPSS Percentile 97.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-122
Status published
Products (1)
microsoft/windows_server_2022_23h2 < 10.0.25398.709
Published Feb 13, 2024
Tracked Since Feb 18, 2026