Cyber Posture

CVE-2024-55411

High

Published: 07 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0016 (36.2th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

An issue in the snxpcamd.sys component of SUNIX Multi I/O Card v10.1.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests.

Security Summary

CVE-2024-55411 is a vulnerability in the snxpcamd.sys kernel driver component of the SUNIX Multi I/O Card version 10.1.0.0. The issue enables attackers to perform arbitrary read and write operations on kernel memory by supplying crafted IOCTL requests to the driver. It has been assigned a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-732 (Incorrect Permission Assignment for Critical Resource), indicating improper handling of permissions in a critical system resource.

The vulnerability is exploitable over the network by an attacker possessing low privileges on the target system, with low complexity and no requirement for user interaction. Exploitation allows arbitrary kernel memory manipulation, resulting in high-impact confidentiality, integrity, and availability violations, such as privilege escalation, code execution, or system crashes.

Advisories and further details are documented in a GitHub repository at https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55411/CVE-2024-55411_snxpcamd.sys_README.md, with the vendor SUNIX providing related information at https://www.sunix.com/tw/. No specific patch or mitigation guidance is outlined in the published disclosure as of the CVE publication date of 2025-01-07.

Details

CWE(s)
CWE-732

References