CVE-2024-21338 · CISA KEV · EPSS p98.8%

CVE-2024-21338: Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability

Microsoft / Windows

Description

Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.

Scoring

EPSS: 51.87% probability of exploitation · percentile 98.8% · 2026-06-19T12:03:05Z

CISA KEV entry

Added to KEV: 2024-03-04

(incoming) 1

Type | Target | Confidence | Tier
KEVEntry | Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability (kev-cve-2024-21338) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: Microsoft Windows Kernel Privilege Escalation Vulnerability
CVE: CVE-2025-33067
CVE: CVE-2026-40369
CVE: Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability
CVE: Microsoft Windows Race Condition Vulnerability
CVE: Microsoft Windows Kernel Information Disclosure Vulnerability

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.