Improper Resource Shutdown or Release

CVE-2024-12653

Medium

6.8/10

Summary

A vulnerability classified as problematic has been found in FabulaTech USB over Network 6.0.6.1. Affected is the function 0x22040C in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-404 - Improper Resource Shutdown or Release

The program does not release or incorrectly releases a resource before it is made available for re-use.

References

Advisory Timeline

Published Dec 16, 2024

Improper Resource Shutdown or Release

CVE-2024-12653

Summary

CWE-404 - Improper Resource Shutdown or Release

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS