CVE-2024-21345
NT Kernel -- elevation of privilege via improper kernel object handling
Summary
| Field | Value |
|---|---|
| Driver | ntoskrnl.exe |
| Vulnerability Class | Elevation of Privilege |
| Exploited ITW | No |
| CVSS | 7.8 |
Root Cause
A kernel EoP in ntoskrnl.exe where insufficient validation during object manipulation lets a user-mode process corrupt kernel object state and escalate privileges.
PoC and analysis published by the exploits-forsale research team on GitHub.
Exploitation
The object handling flaw yields a kernel write primitive. Manipulating the vulnerable object gives an arbitrary write, which is then used to overwrite the process token and obtain SYSTEM privileges.
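A token overwrite of this kind leaves a process-lineage artifact defenders can hunt for: a process created at Low or Medium integrity later has children running as SYSTEM. The following detection sketch is an added example, not code from the original page or the PoC authors; it assumes events shaped like Sysmon Event ID 1 (process creation), the sample events are constructed, and it is a generic heuristic for token-overwrite EoP rather than a signature for this CVE.

```python
# Constructed sample events using Sysmon Event ID 1 field names.
# All GUIDs, users and paths below are invented for illustration.
SAMPLE_EVENTS = [
    {"ProcessGuid": "{A-1}", "ParentProcessGuid": "{A-0}", "Image": r"C:\Windows\explorer.exe",
     "User": r"CORP\alice", "IntegrityLevel": "Medium"},
    {"ProcessGuid": "{A-2}", "ParentProcessGuid": "{A-1}", "Image": r"C:\Users\alice\tool.exe",
     "User": r"CORP\alice", "IntegrityLevel": "Medium"},
    {"ProcessGuid": "{A-3}", "ParentProcessGuid": "{A-2}", "Image": r"C:\Windows\System32\cmd.exe",
     "User": r"NT AUTHORITY\SYSTEM", "IntegrityLevel": "System"},
    {"ProcessGuid": "{S-1}", "ParentProcessGuid": "{S-0}", "Image": r"C:\Windows\System32\services.exe",
     "User": r"NT AUTHORITY\SYSTEM", "IntegrityLevel": "System"},
    {"ProcessGuid": "{S-2}", "ParentProcessGuid": "{S-1}", "Image": r"C:\Windows\System32\svchost.exe",
     "User": r"NT AUTHORITY\SYSTEM", "IntegrityLevel": "System"},
]

SYSTEM_USER = r"NT AUTHORITY\SYSTEM"
UNPRIVILEGED_LEVELS = {"Low", "Medium"}


def find_token_jumps(events):
    """Return (parent, child) event pairs where a SYSTEM child was spawned by a
    process that was itself created as a Low/Medium-integrity, non-SYSTEM process."""
    created = {}  # ProcessGuid -> creation event, filled in arrival order
    hits = []
    for ev in events:
        # Parents created before logging started are unknown and are skipped.
        parent = created.get(ev["ParentProcessGuid"])
        child_is_system = (ev["User"].upper() == SYSTEM_USER
                           and ev["IntegrityLevel"] == "System")
        if parent and child_is_system:
            parent_unprivileged = (parent["User"].upper() != SYSTEM_USER
                                   and parent["IntegrityLevel"] in UNPRIVILEGED_LEVELS)
            if parent_unprivileged:
                hits.append((parent, ev))
        created[ev["ProcessGuid"]] = ev
    return hits


if __name__ == "__main__":
    for parent, child in find_token_jumps(SAMPLE_EVENTS):
        print(f"ALERT {parent['Image']} ({parent['User']}, {parent['IntegrityLevel']})"
              f" -> {child['Image']} ({child['User']})")
```

The check only sees the elevation once the compromised process spawns a child, so it complements rather than replaces patching.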
Patch Analysis
The fix adds validation checks in the kernel object handling path, blocking user-mode processes from corrupting object state.