{"id":"CVE-2024-12668","details":"Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability. By using an IO Control, a user space program can trick the driver into writing a 0 into any chosen memory location. In conjunction with information leakage from the WinPmem driver, attackers can discover the location in memory for the  g_CiOptions global symbol. This can be leveraged to disable signed driver enforcement on the target system - allowing attackers to load unsigned drivers.","modified":"2026-04-12T05:53:13.569702Z","published":"2024-12-16T15:15:06.807Z","references":[{"type":"WEB","url":"https://github.com/Velocidex/WinPmem/releases/tag/v4.1.dev1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/velocidex/winpmem","events":[{"introduced":"0"},{"fixed":"57f829bc00b242d51c66a699f56d7edb3074e309"}]}],"versions":["v4.0.rc1"],"database_specific":{"vanir_signatures_modified":"2026-04-12T05:53:13Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12668.json","vanir_signatures":[{"id":"CVE-2024-12668-16a44d72","digest":{"length":2662,"function_hash":"246609833084807281077557911160853841158"},"signature_version":"v1","deprecated":false,"source":"https://github.com/velocidex/winpmem/commit/57f829bc00b242d51c66a699f56d7edb3074e309","signature_type":"Function","target":{"function":"WinPmem::write_raw_image","file":"src/executable/winpmem.cpp"}},{"id":"CVE-2024-12668-40ee4dc3","digest":{"length":653,"function_hash":"24294149882780419573930789576403294767"},"signature_version":"v1","deprecated":false,"source":"https://github.com/velocidex/winpmem/commit/57f829bc00b242d51c66a699f56d7edb3074e309","signature_type":"Function","target":{"function":"pte_remap_rogue_page","file":"src/pte_mmap.c"}},{"id":"CVE-2024-12668-48c847c5","digest":{"length":2624,"function_hash":"36463689445090217531519118408844341954"},"signature_version":"v1","deprecated":false,"source":"https://github.com/velocidex/winpmem/commit/57f829bc00b242d51c66a699f56d7edb3074e309","signature_type":"Function","target":{"function":"DriverEntry","file":"src/winpmem.c"}},{"id":"CVE-2024-12668-7e7bec1b","digest":{"line_hashes":["292543065355488956516127309540959172904","135670459287117378618235527849179706382","116810287672575946928097251502945109797","19079602017739583275006199842969592451","315182437349163440297050932438003186120","91669396922054414759836546213952674391","206928355206348895041477481546407652017","208715802025052739293928066483990674923","131095724026551291295460880610936197942","218308597933297537644432979290683382886","53980283789317711713244053946208412213","74280778626845815650499722970023093560","149158084348273111909557161899990214600","234276539844899977138474580743609796868","34256417823887999710126353281527816262","305430530968388045469508473676026093661","191364807174024971947590778970908719384","323911186171901497125337734975358859810","284408032205194728676366629660135898733","217059627477005533935976489364067643909","258673224714708728424535234628892207428","25265147113744767519285866948473717321","323706883629957765825614283984812775886","303265615840149778696940213495367326437","123254348444649528548139184030541344922","9450882983060304860487195737322575779","284847885605898198462222124151116719958","263665561040843301054866301229224068442","287537468433336461131125403795222206602","49651446661548479682254515159423748114","197766347431892721109984589342400133062","43845715113446672528452193591637463241","53947908832766930121231930175063626978","150522194800475228583682476273844461867","36460675403604599827022945627384137127","178607356621321764897269200072388458099","106958326864499230129550409861046809378","285083182852566951626635258133072438112","41382684833722240146233368591618771414","39839332698143736151952255375371697074","111654943458737500082190461929255789341","146920326209422184333694853286124502367","25443375004336599145045450209571445460","90876682780621641062686838419084080360","225774438953325644640143113186961005517","100177519189548272634978146552596212119","307842813190266743593469808700335049134","318169302058100159302740375808830081478","91689813294790512345938570574323592219","66243197201311248259526109882524233712","155439258514335220648085899261352934858","223043504054921101357833297019275183865","39839332698143736151952255375371697074","111654943458737500082190461929255789341","233227032531432241433141844711559010111","19313739696780854089541067082805228363","90628559885463245573773143298467047889","44024847054600558290457569717717726145","125293400642730542848133356400263699411","209160249587682349819360461141798849916","29421723206500402860087515397035397349","104345631523135861880859040797311265756","71427902930998369032161644412940027367","129479499573182257981043814491410453250","69445165065814601302771473805132191092","273059458548403200741067975554223470775","36387527528930062122101754653307844959","138033468613914772609234921905472257934","236808369142159827328931062943088571276","228214735519144413306157198551606656000"],"threshold":0.9},"signature_version":"v1","deprecated":false,"source":"https://github.com/velocidex/winpmem/commit/57f829bc00b242d51c66a699f56d7edb3074e309","signature_type":"Line","target":{"file":"src/read.c"}},{"id":"CVE-2024-12668-837fa42e","digest":{"length":1424,"function_hash":"76955029498624416151356621556797808212"},"signature_version":"v1","deprecated":false,"source":"https://github.com/velocidex/winpmem/commit/57f829bc00b242d51c66a699f56d7edb3074e309","signature_type":"Function","target":{"function":"WinPmem::copy_memory","file":"src/executable/winpmem.cpp"}},{"id":"CVE-2024-12668-8e27b83a","digest":{"line_hashes":["152487627542510232822252811400187571965","13739153403572362040945860614932828670","259139024054395836395171958529300919021"],"threshold":0.9},"signature_version":"v1","deprecated":false,"source":"https://github.com/velocidex/winpmem/commit/57f829bc00b242d51c66a699f56d7edb3074e309","signature_type":"Line","target":{"file":"src/pte_mmap.h"}},{"id":"CVE-2024-12668-9be26131","digest":{"length":1042,"function_hash":"225040383401283157813452651754881948821"},"signature_version":"v1","deprecated":false,"source":"https://github.com/velocidex/winpmem/commit/57f829bc00b242d51c66a699f56d7edb3074e309","signature_type":"Function","target":{"function":"setupBackupForOriginalRoguePage","file":"src/pte_mmap.c"}},{"id":"CVE-2024-12668-b66c5b7d","digest":{"length":1197,"function_hash":"291612631581437708370053305497560105218"},"signature_version":"v1","deprecated":false,"source":"https://github.com/velocidex/winpmem/commit/57f829bc00b242d51c66a699f56d7edb3074e309","signature_type":"Function","target":{"function":"WinPmem::copy_memory_small","file":"src/executable/winpmem.cpp"}},{"id":"CVE-2024-12668-cf3c2828","digest":{"length":869,"function_hash":"339599654080420275615226171318278753143"},"signature_version":"v1","deprecated":false,"source":"https://github.com/velocidex/winpmem/commit/57f829bc00b242d51c66a699f56d7edb3074e309","signature_type":"Function","target":{"function":"WinPmem::pad","file":"src/executable/winpmem.cpp"}},{"id":"CVE-2024-12668-d6011259","digest":{"line_hashes":["144789069854923266934478226419013637019","48577472927593684314215013406810968615","21100329000839152777591457976001553013","184716607747585549534878587711228618318","84698227316479714007690274388097012002","327415787012635328715385687335915600044","35713603553795876911645788163580524210","78609468688735486341052354726384337944","77710992555716826374400937894256818896","311744479663714687524830704183417655593","91895419886892338220223438818067372292","33303262597165554321531596914162872133","319984773395049395711112158509777497414","37277653256870572665010011992520227047","120492893622132890239196392751658973062","153416767209763142969372329805467715471","222628259848470645767957261137221403575","78212615487872814624417181464197401656","276204603391810938956244967312924141928","226555604757745214057853683651663860875","157992324113839754005541729920264104411","160779099413886344006613799059077180889","136708861719027989676886904891102563278","111750985216735527990630411095863076725","95924804511479069071071219698734028494","233133819838896322730683468975115022371","287062770310494410286577893890585632806","108030896955488591834266432095593370091","150610915257750193321285448996460818173","269396619886481185845674491537954311993","115714343505227813403649552125872187917","235220099757373619239906237796762734555","63522374261620212305395171324432661162","31220244223651613167071698943556886798","179026522619330264764418465441247039462","68213714476532767030484266183570176707","286041289298649870365319972586168435727","39184371352022644334884572736131035175","88674831915000729950341736408142450201","333402497681087843310940898163523627456","53030702310384786763676080781940759056","266489909453362160754563112207873557385","320568572992577028840013652008553565525","84373927656756016913329499372205100369","217506645691961721460012318530074444708","139680043468575728294374335266371246985","70312984913779540280520710110329606537","57560174016937269787657054292716815474","249831058103482938381567220996797984791","214189466285237939867755250784916414778","24149592388122926071967599155306073010","202729259527138362548136593764057211623","120019456650605083230595028349719549816","267555379004734843186782162956983753568","278903488036716210432099991608071713875","160261494828240856212552174985629035613","312074072137990713043368764494650628516","161629037103686492738280853578958194060","145526276796458957760136451884998079206","254428219086885899010687409976059921337","183855979950571017744309482321305932641","97541605912812110668759888405189031280","36311821229300629341715113723266652448","114777962596813115223569614575387665719","100435218772454263842670290451967004093","206137367379708262567906578208659648480","236351144153491509175997769782187315791","282479496820122272387573936457395088867","82335192743671833829384833239864538145","220441394655431990896537053796485867466","249220556142722353049086424571012141335","64338899158105494640402183154429287862","170456635603834376115393429872710745386","24710674471620525322210147307462823845","86867723517558735661640118302476735266","103904500633019188711230308573147031507","55891392904727579067078775580932256727","224319137462813474939057330521928337050","282502566009646593323239775873232863360","332930443131519724288760632247807273004","264940520490141004710964468835017546515","247300322046151079242360446032786367800","48570725815545512613102758689246699783","199197923562162554411020375070509050261","171337966101950866992231110303342441265","319493424382006267828534324960317448255","202292980417343005720209479080046395480","29538321687559967630607208596431319495","300009035243124337929267326137962596674","212925866514444106028215330014765838884","327232650122726882197663263585432620344","291147830694598162294062017678353452301","187054447343106469380774195760064155958","31554730138347517099479568941762308962","12021173432600862723512632860917922903","30175136822776497379084323063957591080","70312984913779540280520710110329606537","166615429941935721403004778960784065030","44184714218056166652107449839081169292","323155257487107985651235246941433035790","257607837987409296789132236974117503070","88622157832456213199815076520596028499","171553281356506635026294691388637826874","219855732080102482386328077790013448767","254428219086885899010687409976059921337","183855979950571017744309482321305932641","97541605912812110668759888405189031280","36311821229300629341715113723266652448","114777962596813115223569614575387665719","100435218772454263842670290451967004093","206137367379708262567906578208659648480","263038846654032311961309337473024163683","210823205050072687928143884311958288404","292001674387035841042761951123512669603","230165297921136910887655859821169899425","111750985216735527990630411095863076725","44980050359253555174971829867774701146","280189046268437448492387866176450655016","55959420436127257716866706881881503436","192511890226800718026578703900878780886","279804635759265088721709838128124230493","199963009985479501765982848010916173090","289244634212044676732253381100692968825","12192144946731947613562286212747509818","244272570703868892848138178596908491007","57156674495262010025541316296403747553","68694166869120953665028145720968956400","162769494141817289703104423806466915956","111598069288758104610677693948931757576","145578774132098059361471391702705495457","216309681750947037065172173010767688186","6221556502479042184110405199967519885","282940779424042031369336042016444394622","273729201857700081540734829405930316448","107054477435223593683792753487584268943","7352579461303491688939495486289800150","110782262711637496515668898727118265358","245474253262178476689329649828540107179","278732693635387359159173989966978519905","248287760818637225709428409070140145577","116074689542407187392481798761340331915"],"threshold":0.9},"signature_version":"v1","deprecated":false,"source":"https://github.com/velocidex/winpmem/commit/57f829bc00b242d51c66a699f56d7edb3074e309","signature_type":"Line","target":{"file":"src/executable/winpmem.cpp"}},{"id":"CVE-2024-12668-dc922563","digest":{"line_hashes":["87902861039099838911504431934299985300","194548897264699104746081181660584788785","58396973390275742586368084311134583628","182615807517713913366189098896998547574","195737220730060471043587106226421186535","65781110598166531054650387252308301123","141932808851446297733585891560895163955","318104105706491915476840941168080679078"],"threshold":0.9},"signature_version":"v1","deprecated":false,"source":"https://github.com/velocidex/winpmem/commit/57f829bc00b242d51c66a699f56d7edb3074e309","signature_type":"Line","target":{"file":"src/pte_mmap.c"}},{"id":"CVE-2024-12668-f37e2296","digest":{"line_hashes":["324952865366994816429585517555925875645","151157541001793846172572938009022418484","255133324184331132390378706519589115839","128993050664537814762390095446879836008","205392467183981703186720631914455707391","24706889228095430548356138518170985556","114539844531871321546259860357505595752","239181734731625404117403729221506282426","307667282460481563111824958616896523469","164608375057754558952572140971917004963","38521095555966633341986251219001650998","57837048916506589674090270815877084411","182837355617758111160299562471570738904","128105288219184293531441004071795076137","88199220237498362367038390801513542305","248348680804515569200395327566404200183","236429562051537144601815929103095777638","47960355604996655191055520123253018097","94380252080646119664984806105948701236","191961348114353304661594969633618088072","149044578690235969909151039039979251309","55382680246826867451130279903150229401","82186950806527940820459609442141621185","86798987912244407388369435363236040573","10133423378822040514958268788245910698","251422907237720747013825044082633554816","41576300405846971646236593110500651539","133145257973172752534458540723818107150","188681512206594059245787231924539425955","46432787782426224682592831177386307107","21632350290624246930682388907572116608","85966306233917604776288055654582256666","276992579928131092123238034581219656813","336677411603095320609866216374198635068","309817635460844967524267089600181204686","196395855820989566885444735771576181361","164784430268281622658022327763171689707","156708820808621902349303988707326428011","217325163779811459746380532526782903824","27665703514167444691763014297068405784","41152048464277419312310369414478090264","217124571067942547890328760351611644722","149922391312792200704926979496129694733","58311132557865603482697759105490207474","313865729643370517248195294372565695592","179078461489522015567784676993021081711","335601562287847055581015446565143669122","223478805559692278485254882449437441403","59703213848817290677751645966748337709","112360710290645867388438048689668096753","10133423378822040514958268788245910698","251422907237720747013825044082633554816","175195941662608599129187660463043892291","300562796931916381776193573234618918280","338260478252048793818026338217516356158","297205042537068483292840398668545461493","248359209399566943194338644781276731115","85966306233917604776288055654582256666","241306391088600275755807759080080775902","270119810294314905747755250863821942827","106462484311154137786813281860440774803","338408139770985147298729058402354550848","176336571483356286009147216799055680931","252268370794870837672883866770918269558","120332954927532420489061377515211989655","290919355159369938622899740954247965914","9365310072105955849168924552827058722","253616670309907693108049187701639396390","219976090110861050612514533644937565190","132014734480669821624420815310095287399","212232855206313706355730259478931803825","45640736956378666266944538818218328534","271741405195484668966739477431197116761","8339265665975867342244715885970516881","86668287990912018752024626637956816455","235817618437485540283938508831806437546","233498653946597842754648091314366020557","214003807421891565096572842312019652539","127022302545464731695839134637111827304","286911057709861242568220758488178962697","334367119324750468324395694691313619639","296588728192291418363426018093311291993","65412580404800081093093521590970438795","75778334746572716697390670951153495618","308596429237657239490330195930227802879","277783180355936839418569346170765788949","253616670309907693108049187701639396390","193699478470331769559801433379482931977","305639871058782821800877144036796401693","123164562569194527291982555126803612048","127021302050243690954479203326849548780","150632491753147232608936670965546509274","1212635739274135058440580493730996","305850145080728725306784013998372309260","13781528634070130789585126692438803048","44929465516012880718940206171543164923","337526149362504815392125812883394381732","85966306233917604776288055654582256666","224875283689951581929760747712649615340","156420453899589060136624407592529581984","175811837583949367847681225024224108649","320823740832050070495616167404533388536","171564324537509662869507334044564743915","296016717827382478025167136176295209127","122913660909061107098805199581414857616","219440679995276416418448028977200142174","213122234107481810309435654060952354901","23358997418465084458763472716385135562","40618933373716198691646529395133664759","186512046639545468696585763051105082984","13260307688690484742197012598891244251","300877764464070755199825252491184350722","244692411232312526816095869814907140371","53886289620898860103021840397887384300","233691278217631356057802198347612367376","279294647926455262717789961026418448616","85149561966774623517567722284526370661","244545729868425948553623351599096649940","111620369451275439691065112560184038516","207774778290711276152273667612325802985","122093082665705496465654183964021979828","87046310949157545913864922466925115073","7108972845062861528625470369295861675","309353385280242504205298028285916234298","155382410313961421298476266512031860787","86836143207408830798895940622709372836","133909876465128320883110658253221972872","201527089065719612414557473208963954155","322800826788993169081125402597978479508","204259616915695694994678963015819548041","293491585577787053634892519760172698292","37047659952103250797234765752115735006","333074141710635353878506192750459148821","85130172119672921990179184777108308412","302544552646990060304885684198775660017","239165256630729668628415100653168078487","261978465221173764286496619939454493744","254070021372956974458240514774914137767","324129061916691333328288746160822224822","296764215214583543171250619892159417086","13530906036605778626829032998656261433","67151717096119680813408192033047373845","197750849567073785908390099256130666834","251839894419621059696142999964932971352","85966306233917604776288055654582256666","214461364845396284760224060844031733381","328560054788532243928433247394096945503","37906228033565270679153542625926587276","41070498974310705501433662352346647478","43038772771285074053559338733367715004","113767757377074515077241980930761864614","201204017700080601759962065000993337901","10502930650053370030313892857675443559","32346453833004647280713189687632056681","322606874384021175142393409357866557589","303069300377425019857232471997992668466","87118786749452864926393768125159677779","177735867548503447740508073239771323286","190951229817281190603312022874550704686","55355954621739586947860940385684086251","230043319279641138122213574261592396876","43534548763888861219789014981541901746","62579312948568724950162779229464939278","22570836379104020578586537463262302996","142156904180317945136405384393252593315","79769403933463650477624193160667677693","180602238220192296123200214132737327433","299071772559011498775644561318603164366","17736340310986030653853316273347423828","97122122095009211306530271032920010570","205380270459930867725612901951907904390","292128038107548197493534660979171141114","319887613432835692734637881685641023765","39762390265212484633839655219723072134","277464005379468453985994005401536459277","300150965271762493146137238334272354745","109642228234691719524129092183337162636","27226149882563925186604718730294471154","135286552521004094644131132367703309901","108406055154315712490936310900135969231","185326953282347767765831603519269637098","193499518703885669511124653755630372831","251519005680354723506853935284844950293","90738589817781499462920534433492193504"],"threshold":0.9},"signature_version":"v1","deprecated":false,"source":"https://github.com/velocidex/winpmem/commit/57f829bc00b242d51c66a699f56d7edb3074e309","signature_type":"Line","target":{"file":"src/winpmem.c"}},{"id":"CVE-2024-12668-fec681a7","digest":{"length":6172,"function_hash":"63105051168742381360613561813865531163"},"signature_version":"v1","deprecated":false,"source":"https://github.com/velocidex/winpmem/commit/57f829bc00b242d51c66a699f56d7edb3074e309","signature_type":"Function","target":{"function":"wddDispatchDeviceControl","file":"src/winpmem.c"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}]}