CVE-2024-38123: 
vulnerability analysis and mitigation

Windows Bluetooth Driver Information Disclosure Vulnerability (CVE-2024-38123) was disclosed on August 13, 2024. This vulnerability affects Microsoft Windows 11 24H2 systems up to version 10.0.26100.1457. The vulnerability was initially reported to Microsoft Corporation and was assigned on June 11, 2024 (CVE Mitre).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) with a CVSS v3.1 Base Score of 4.4 (Medium). The vulnerability has the following vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N, indicating local access is required, low attack complexity, high privileges are needed, no user interaction is required, and the scope is unchanged with high confidentiality impact but no impact on integrity or availability (NVD).

This vulnerability could lead to information disclosure in the Windows Bluetooth Driver component. The impact is primarily focused on confidentiality, with potential exposure of sensitive information, while maintaining no direct impact on system integrity or availability (Microsoft Advisory).

Microsoft has released security updates to address this vulnerability. The fix is available through KB5041571 for affected Windows 11 24H2 systems (Rapid7).