Researchers from Fortra come with a warning of a vulnerability in all versions of Windows 10 and 11 that can cause system instability and a denial of service.
The vulnerability tracked as CVE-2024-6768 with a CVSS score of 6.8, stems in the Common Log File System (CLFS.sys) driver of Windows and is caused by improper validation of specified quantities in input data, a situation where the system fails to correctly check or limit the values entered by a user.
The vulnerability can lead to an unrecoverable inconsistency that then triggers the KeBugCheckEx function in Windows and results in instability, including the strong possibility of the dreaded Blue Screen of Death.
The PoC designed by the researcher showed that by crafting specific values within a .BLF file, an unprivileged user can induce a system crash. Along with potential issues such as system instability and denial of service, even the malicious users could exploit this vulnerability to repeatedly crash affected systems, disrupting operations and potentially causing data loss.
Narvaja adds that the vulnerability is produced by an Improper Validation of Specified Quantity in Input (CWE-1284), which causes an unrecoverable inconsistency in the CLFS.sys driver, forcing a call to the KeBugCheckEx function, which allows an unprivileged user to produce a BSoD in Windows.
