CVE-2024-3745
HIGHMSI Afterburner v4.6.6.16381 Beta 3 - Privilege Escalation
Title source: llmDescription
MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged user.
References (3)
Core 3
Core References
Various Sources third-party-advisory
https://fluidattacks.com/advisories/gershwin/
Various Sources patch
https://forums.guru3d.com/threads/msi-ab-rtss-development-news-thread.412822/page-227#post-6231456
Various Sources release-notes
https://forums.guru3d.com/threads/msi-ab-rtss-development-news-thread.412822/page-227#post-6231768
Scores
CVSS v3
7.8
EPSS
0.0022
EPSS Percentile
12.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-863
Status
published
Products (1)
MSI/MSI Afterburner
4.6.6.16381 Beta 3
Published
May 18, 2024
Tracked Since
Feb 18, 2026