CVE-2024-21338

Published Feb 13, 2024

Last updated 4 months ago

Exploit knownCVSS high 7.8
Zero-day

Overview

Description
Windows Kernel Elevation of Privilege Vulnerability
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_21h2, windows_11_22h2, windows_11_23h2, windows_server_2019, windows_server_2022, windows_server_2022_23h2

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability
Exploit added on
Mar 4, 2024
Exploit action due
Mar 25, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com
CWE-822
nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

  1. 【独自】米国サイバーセキュリティ・社会基盤安全保障庁(CISA)の既知の悪用された脆弱性カタログで、以下の3件の脆弱性のランサムウェアによる悪用が確認済みとなった。 - WindowsカーネルIOCTLの権限昇格CVE-2024-21338 - Adobe… https://t.co/oJlYDo1JFS https://t.co/8wc0frfQI0

    @__kokumoto

    2294 Impressions

    1 Retweet

    16 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  2. Dropped 2 Writeups Windows & Driver Internals → Exploitation Kernel Exploit ( CVEs + Root Cause → Exploit) • CVE-2025-62215 • CVE-2024-30088 • CVE-2024-21338 • Stack Overflow & Arbitrary Overwrite (Kernel) https://t.co/TAj4v5rG1v #ExploitDevelopment

    @0XDbgMan

    15 Feb 2026

    68 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Windows AppLocker Driver LPE Vulnerability – CVE-2024-21338 https://t.co/JjzanvUcQs

    @Hussein_Kahsay

    25 Mar 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. [Research] Bypassing Windows Kernel Mitigations: Part 2 - CVE-2024-21338 Dive into bypassing kCFG with a Local Privilege Escalation exploit in appid.sys (CVE-2024-21338). https://t.co/iuKVrBHZqk Coming soon: Part 3! https://t.co/1l7oWWq6qp

    @hackyboiz

    12 Jan 2025

    2070 Impressions

    21 Retweets

    60 Likes

    35 Bookmarks

    0 Replies

    0 Quotes

  5. Bypassing Windows Kernel Mitigations Part 2 - CVE-2024-21338 Dive into bypassing kCFG with a Local Privilege Escalation exploit in appid.sys (CVE-2024-21338). https://t.co/iuKVrBIxfS Coming soon: Part 3! https://t.co/0Rq0ATS5ZT

    @hackyboiz

    12 Jan 2025

    43 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.CVE-2026-22769
  2. Google Chromium CSS Use-After-Free VulnerabilityCVE-2026-2441
  3. Soliton Systems K.K FileZen OS Command Injection VulnerabilityCVE-2026-25108
  4. Apple Multiple Buffer Overflow VulnerabilityCVE-2026-20700
  5. Microsoft Windows Improper Privilege Management VulnerabilityCVE-2026-21533

References

Sources include official advisories and independent security research.