Cyber Posture

CVE-2024-41168

High

Published: 12 February 2025

Modified
15 April 2026
KEV Added
Patch
CVSS Score: 7.4 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
EPSS Score: 0.0009 (24.7th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

Use after free in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Security Summary

CVE-2024-41168 is a use-after-free vulnerability (CWE-416) affecting Intel PROSet/Wireless WiFi and Killer™ WiFi software for Windows versions prior to 23.80. The flaw resides in the WiFi drivers, where freed memory is accessed post-deallocation, potentially leading to crashes or instability. It carries a CVSS v3.1 base score of 7.4 (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H), indicating high severity due to its impact on availability with a changed scope.

An unauthenticated attacker with adjacent network access can exploit this vulnerability to trigger a denial-of-service condition. Exploitation requires local network proximity, such as from a nearby device on the same WiFi network or wired segment, with low complexity and no user interaction or privileges needed. Successful attacks result in high-impact availability disruption, potentially causing the affected WiFi software to crash and rendering wireless connectivity unavailable.

Intel's security advisory INTEL-SA-01224 (https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01224.html) details the mitigation: update the affected software to version 23.80 or later, which addresses the use-after-free issue. Practitioners should verify installations via Intel's driver update tools and monitor for patches on supported Windows systems.

Details

CWE(s)
CWE-416

References