What is CVE-2024-6768?

CVE-2024-6768 is a vulnerability in Microsoft Windows 10, classified under Improper Validation of Specified Quantity in Input. Published 2024-08-12.

Is CVE-2024-6768 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Windows 10

CVE-2024-6768

A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to…

EPSS: 0.193 (95.5th percentile) — read the EPSS interpretation.

Affected products

Microsoft Windows 10 — versions 10.0.0
Microsoft Windows 11 — versions 10.0.0
Microsoft Windows Server 2016 — versions 10.0.0
Microsoft Windows Server 2019 — versions 10.0.0
Microsoft Windows Server 2022 — versions 10.0.0

Weakness classification (CWE)

CWE-1284 — Improper Validation of Specified Quantity in Input

Public proof-of-concept exploits

References

www.fortra.com/security/advisories/research/fr-2024-001

Frequently asked questions

What is CVE-2024-6768?: CVE-2024-6768 is a vulnerability in Microsoft Windows 10, classified under Improper Validation of Specified Quantity in Input. Published 2024-08-12.
Is CVE-2024-6768 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.