HN Security CVE-2024-49138 Windows CLFS heap-based buffer overflow analysis

Source provenance. Raw material catalogued for the wiki ingest pipeline. Lives offline at raw_sources/windows-exploit-research/HN Security CVE-2024-49138 Windows CLFS heap-based buffer overflow analysis.md.

Status: integrated

Integrated into: CVE-2024-49138

Excerpt

In the previous article, we discussed a vulnerability in the LoadContainerQ() function inside clfs.sys. The root cause of the vulnerability was LoadContainerQ() using a CLFS_CONTAINER_CONTEXT.pContainer without checking if FlushImage() invalidated…