System driver for Windows 10 and 11 may trigger BSOD

Cybersecurity firm Fortra has discovered a new vulnerability in a Windows driver that leads to a Blue Screen of Death (BSOD). The vulnerability affects fully updated systems on both Windows 10 and Windows 11.

Windows driver vulnerability

The root cause of the problem lies in the Windows driver CLFS.SYS, which is responsible for the Common Log File System. According to Fortra, the vulnerability is triggered by improper validation of input data. This leads to an unrecoverable inconsistency that triggers the KeBugCheckEx function, thus leading to a BSOD and denial of service.

CVE-2024-6768 is a vulnerability in the Windows Common Log File System (CLFS.SYS) driver caused by improper validation of certain quantities in input data. This bug leads to an unrecoverable inconsistency that triggers the KeBugCheckEx function and results in a Blue Screen of Death (BSoD). The issue affects all versions of Windows 10 and Windows 11, despite having all updates installed. Nicardo Narvaja of Fortra

Proof-of-Concept

A proof of concept (PoC) shows that an unprivileged user can cause a system crash by manipulating certain values ​​in a .BLF file. This can lead to system instability and possibly data loss.

The good thing is that it is a local attack. A threat actor needs physical access to the system to tamper with the CLFS base log file (BLF). The technical details of the proof of concept (PoC) are available on Fortra’s website.

Older vulnerability

This vulnerability is similar to CVE-2023-36424, a Local Privilege Escalation (LPE) vulnerability that Microsoft fixed last year with the November 2023 Patch Tuesday updates (KB5032189 for Windows 10 and KB5032190 for Windows 11). The principle is very similar, if not the same, so it is expected that there will be an update – probably soon – that fixes the vulnerability.

Amit Gohar