CVE-2024-10972 HIGH

CVE-2024-10972: WinPmem Improper Input Validation vulnerability

Vendor Velocidex
Product WinPmem
Weakness CWE-367
Published December 16, 2024
Last update September 5, 2025

CVSS base score

7.3/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H

What the vulnerability does

01Description

Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode application. This is due to verification only being performed at the beginning of the routine allowing the userspace to change page permissions half way through the routine.  A valid workaround is a rule to detect unauthorized loading of winpmem outside incident response operations.

Key dates

02Disclosure timeline

December 16, 2024 CVE published
September 5, 2025 Record updated