CVE-2024-38080
ENISA EUVD: EUVD-2024-37774 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 3, 2026
4 articles
Published: 2024-07-09
EPSS Score
Source: FIRST.org · 2026-05-23
14.2%
probability
This CVE has a 14.2% probability
of being exploited in the next 30 days.
0%
Top 94.5th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)7.8
HIGH
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Temporal
Exploit Code Maturity
Unproven
Remediation Level
Official Fix
Report Confidence
Confirmed
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Description
NVDWindows Hyper-V Elevation of Privilege Vulnerability
Affected Products
Microsoft
Windows Server 2022
10.0.20348.0
Microsoft
Windows 11 version 21H2
10.0.0
Microsoft
Windows 11 version 22H2
10.0.22621.0
Microsoft
Windows 11 version 22H3
10.0.22631.0
Microsoft
Windows 11 Version 23H2
10.0.22631.0
Google Project Zero
Patched
July 9, 2024
Reported by
???
Root Cause Analysis
???
Exploits & PoC
pwndorei/CVE-2024-38080
poc code for CVE-2024-38080
30
2024-09-01
1 repo — triés par ⭐
Rechercher sur GitHub ↗
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38080
vendor-advisory
patch
Signal Intelligence
Confidence
92%
EPSS
14.2%
CVSS v3.1
7.8
Mentions
4
Last Seen
Jul 12, 2024
CNA Information
CNA Assigner
microsoft
CNA Title
Windows Hyper-V Elevation of Privilege Vulnerability
Analyst Note
CVE-2024-38080 is confirmed as a legitimate Windows Hyper-V elevation of privilege vulnerability patched by Microsoft in July 2024. The vulnerability's inclusion in Google Project Zero and coverage by reputable security sources (BleepingComputer, CERT-EU) combined with its HIGH CVSS v3 score of 7.8 provide strong corroboration of its authenticity and impact.
Threat Actors 1
Infy
apt_group
Information theft and espionage
🇮🇷 IR
Triage Info
Decided atMar 03, 2026
Published DateJul 09, 2024