1day

CVE-2024-21338 - Windows AppLocker Kernel Elevation of Privilege Vulnerability

Ghostbyt3 1Day Breakdown 4 min read
CVE-2024-21338 is a privilege escalation vulnerability in the Windows AppLocker driver (appid.sys). The flaw resides in the AipSmartHashImageFile function, reachable via IOCTL 0x22A018, which allows user-mode input to control code execution. Specifically, the function dereferences two user-provided pointers from a shared SystemBuffer without verifying their validity or origin. One of these …
Read more…

CVE-2024-38041 - Windows AppLocker Exposure of Sensitive Information to an Unauthorized Actor

Ghostbyt3 1Day Breakdown 3 min read
CVE-2024-38041 is a information leak vulnerability in the Windows AppID driver (appid.sys). The flaw lies in the handler for IOCTL code 0x22A014, which lacks proper validation of the caller’s access mode. Specifically, the AipDeviceIoControlDispatch function does not verify that the request originates from kernel mode. As a result, a user-mode process running as LOCAL SERVICE can trigger …
Read more…

CVE-2025-21333 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerabilities

Ghostbyt3 1Day Breakdown 4 min read
A vulnerability in the Windows Hyper-V NT Kernel Integration VSP driver exists due to a vulnerable function, VkiRootAdjustSecurityDescriptorForVmwp(), which can be invoked from user mode. This leads to a heap-based buffer overflow, ultimately resulting in privilege escalation. CVE-2025-21333: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21333 Vulnerability Type: Heap-based Buffer …
Read more…