
CVE-2024-38080

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 09 July 2024
Modified: 28 October 2025
KEV Added: 09 July 2024
CVSS v3.1: 7.8 (High), vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.1420 (94.5th percentile)
Risk Priority: 44 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-38080 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in the Hyper-V component of Microsoft Windows 11 (21H2, 22H2 and 23H2) and Windows Server 2022 (including the 23H2 release). Its CVSS v3.1 base score is 7.8 (High).

Operationally, its EPSS score of 0.1420 places it in the 94.5th percentile, i.e. the top 5.5% of CVEs by estimated exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2024-38080 is an elevation of privilege vulnerability in Windows Hyper-V, carrying a CVSS v3.1 base score of 7.8. The flaw is classified as CWE-190 (Integer Overflow or Wraparound) and was publicly disclosed on 09 July 2024.

A local attacker who already holds a low-privileged account on an affected host can exploit the flaw without any user interaction (AV:L/PR:L/UI:N). Successful exploitation yields SYSTEM privileges, giving the attacker full control over the confidentiality, integrity and availability of the host (C:H/I:H/A:H). The CVSS scope is unchanged (S:U), so the score reflects compromise of the affected host itself rather than of a separate security authority.

Microsoft has published guidance and a patch through its Security Response Center, and CISA has added the CVE to its Known Exploited Vulnerabilities catalog, confirming exploitation in the wild.

The EPSS score rose from a low baseline to a peak of 0.2197 before settling at the current value of 0.1420, indicating that exploitation interest increased after disclosure and that the vulnerability continues to warrant attention.


Vulnerability details

Title: Windows Hyper-V Elevation of Privilege Vulnerability
CWE(s): CWE-190 (Integer Overflow or Wraparound)
KEV Date Added: 09 July 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor      Product                     Affected builds                Fixed build (July 2024 security update)
Microsoft   Windows 11 21H2             earlier than 10.0.22000.3079   10.0.22000.3079
Microsoft   Windows 11 22H2             earlier than 10.0.22621.3880   10.0.22621.3880
Microsoft   Windows 11 23H2             earlier than 10.0.22631.3880   10.0.22631.3880
Microsoft   Windows Server 2022         earlier than 10.0.20348.2582   10.0.20348.2582
Microsoft   Windows Server 2022 23H2    earlier than 10.0.25398.1009   10.0.25398.1009

The build listed for each product is the one shipped by the 09 July 2024 security update that fixes the flaw; hosts on an earlier build of that product are affected.
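A quick patch-state check for one host, as an added example that is not part of the advisory. It reads the running build from the standard CurrentVersion registry key (CurrentBuildNumber and UBR), compares it against the build numbers from the Affected Assets table above, and reports whether the Hyper-V Virtual Machine Management service (vmms) is present as an indicator that the vulnerable role is installed. The assumption, labelled in the comments, is that the listed builds are the July 2024 security-update builds, so a host at or above that build has the fix.

```powershell
# Added example, not from the advisory or from Microsoft. Compares this host's
# OS build with the builds listed for CVE-2024-38080 and reports patch state.
# Assumption: the listed build numbers are the July 2024 security-update builds,
# so UBR >= listed UBR on the same major build means the fix is installed.

$fixedBuilds = @{
    # key: CurrentBuildNumber   value: fixed UBR and product label
    '22000' = @{ Ubr = 3079; Product = 'Windows 11 21H2' }
    '22621' = @{ Ubr = 3880; Product = 'Windows 11 22H2' }
    '22631' = @{ Ubr = 3880; Product = 'Windows 11 23H2' }
    '20348' = @{ Ubr = 2582; Product = 'Windows Server 2022' }
    '25398' = @{ Ubr = 1009; Product = 'Windows Server 2022 23H2' }
}

# CurrentBuildNumber is the major build (e.g. 22631); UBR is the update revision.
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
$ubr   = [int]$cv.UBR
$fullBuild = "10.0.$build.$ubr"

# vmms (Hyper-V Virtual Machine Management) only exists when the Hyper-V role
# is installed, so its presence is a cheap indicator that the vulnerable
# component is in use on this host.
$vmms = Get-Service -Name vmms -ErrorAction SilentlyContinue
$hypervInstalled = $null -ne $vmms

$entry = $fixedBuilds["$build"]
if ($null -eq $entry) {
    $state = "build $fullBuild is not in the CVE-2024-38080 affected-asset list; verify against MSRC"
} elseif ($ubr -ge $entry.Ubr) {
    $state = "$($entry.Product) build $fullBuild is at or above fixed build 10.0.$build.$($entry.Ubr): PATCHED"
} else {
    $state = "$($entry.Product) build $fullBuild is below fixed build 10.0.$build.$($entry.Ubr): VULNERABLE"
}

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    Build           = $fullBuild
    HyperVInstalled = $hypervInstalled
    CVE_2024_38080  = $state
}
```

Run it as a normal user; the registry read and the service query need no elevation. A host reported as VULNERABLE with HyperVInstalled = True is the priority case for SI-2; a VULNERABLE host without the role still needs the update, since the role can be added later.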

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Directly requires applying the vendor patch that eliminates the integer-overflow flaw before exploitation can succeed.

AC-6 Least Privilege (prevent)

Limits the low-privileged local account to the minimum rights needed, reducing the ability to trigger or benefit from the Hyper-V EoP. Because the vector is AV:L/PR:L, every account that can log on locally to a Hyper-V host is a potential starting point.

SI-16 Memory Protection (prevent)

Enforces memory-protection mechanisms that can block or contain the memory corruption resulting from the CWE-190 integer overflow. These are defence in depth, not a substitute for the patch.
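An inventory of the accounts the AC-6 control above is concerned with, as an added example that is not part of the advisory. It lists every enabled local account on the host and whether it already sits in the built-in Administrators or Hyper-V Administrators group; accounts with no administrative membership are exactly the low-privileged local footholds the CVSS vector describes. It uses the Microsoft.PowerShell.LocalAccounts cmdlets (Get-LocalUser, Get-LocalGroupMember); the Hyper-V Administrators group is assumed to exist only where the Hyper-V role or tools are installed, and the script tolerates its absence.

```powershell
# Added example, not from the advisory. Lists enabled local accounts on a
# Hyper-V host and their membership in the built-in administrative groups,
# as a starting point for an AC-6 (least privilege) review.
# Assumption: 'Hyper-V Administrators' may be absent on hosts without the role;
# Get-LocalGroupMember is therefore called with SilentlyContinue.

$adminGroups = @('Administrators', 'Hyper-V Administrators')

# Flatten group membership into (Group, Member) rows. Member names come back
# as COMPUTER\user, so matching below is done on the trailing user name.
$membership = foreach ($g in $adminGroups) {
    Get-LocalGroupMember -Group $g -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Group = $g; Member = $_.Name; Type = $_.ObjectClass }
        }
}

$report = Get-LocalUser | Where-Object { $_.Enabled } | ForEach-Object {
    $user   = $_
    $groups = ($membership | Where-Object { $_.Member -like "*\$($user.Name)" }).Group -join ', '
    if (-not $groups) { $groups = '(none)' }
    [pscustomobject]@{
        Account              = $user.Name
        LastLogon            = $user.LastLogon
        PasswordNeverExpires = $user.PasswordNeverExpires
        AdminGroups          = $groups
    }
}

$report | Sort-Object AdminGroups, Account | Format-Table -AutoSize

# Accounts showing '(none)' are low-privileged local footholds (PR:L): confirm
# each still needs local logon on this host, and disable or remove the rest.
# Accounts in an admin group already exceed what this CVE would grant and
# should be justified separately.
```

Domain accounts granted local logon through Group Policy or domain groups are not covered by Get-LocalUser; review those with the local security policy (User Rights Assignment) on the host as well.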
