CVE-2024-6768

A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.

CVSS

No CVSS.

References

Link	Resource
https://www.fortra.com/security/advisories/research/fr-2024-001
https://www.vicarius.io/vsociety/posts/cve-2024-6768-detection-script-blue-screen-of-death-vulnerability-affecting-microsoft-windows
https://www.vicarius.io/vsociety/posts/cve-2024-6768-mitigation-script-blue-screen-of-death-vulnerability-affecting-microsoft-windows

Configurations

No configuration.

History

15 Sep 2025, 18:15

Type	Values Removed	Values Added
References		() https://www.vicarius.io/vsociety/posts/cve-2024-6768-detection-script-blue-screen-of-death-vulnerability-affecting-microsoft-windows - () https://www.vicarius.io/vsociety/posts/cve-2024-6768-mitigation-script-blue-screen-of-death-vulnerability-affecting-microsoft-windows -

13 Aug 2024, 12:58

Type	Values Removed	Values Added
Summary		(es) Una denegación de servicio en CLFS.sys en Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019 y Windows Server 2022 permite que un usuario malicioso autenticado con pocos privilegios provoque una pantalla azul de la muerte mediante una llamada forzada en la función KeBugCheckEx.

12 Aug 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-12 19:15

Updated : 2025-09-15 18:15

NVD link : CVE-2024-6768

Mitre link : CVE-2024-6768

CVE.ORG link : CVE-2024-6768

JSON object : View

Products Affected

No product.

CWE

CWE-1284

Improper Validation of Specified Quantity in Input

{"id": "CVE-2024-6768", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-08-12T19:15:17.120", "references": [{"url": "https://www.fortra.com/security/advisories/research/fr-2024-001", "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff"}, {"url": "https://www.vicarius.io/vsociety/posts/cve-2024-6768-detection-script-blue-screen-of-death-vulnerability-affecting-microsoft-windows", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.vicarius.io/vsociety/posts/cve-2024-6768-mitigation-script-blue-screen-of-death-vulnerability-affecting-microsoft-windows", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "description": [{"lang": "en", "value": "CWE-1284"}]}], "descriptions": [{"lang": "en", "value": "A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function."}, {"lang": "es", "value": "Una denegaci\u00f3n de servicio en CLFS.sys en Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019 y Windows Server 2022 permite que un usuario malicioso autenticado con pocos privilegios provoque una pantalla azul de la muerte mediante una llamada forzada en la funci\u00f3n KeBugCheckEx."}], "lastModified": "2025-09-15T18:15:36.707", "sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff"}