CVEs

Deep-dive write-ups for individual vulnerabilities — root cause, exploitation flow, primitives, references.

39 pages in this category.

• CVE-2020-1350 — SIGRed: Windows DNS Server Heap Overflow (dns.exe)
• CVE-2020-16898 — Windows TCP/IP ICMPv6 Router Advertisement RCE (“Bad Neighbor”)
• CVE-2021-24086 — Windows TCP/IP IPv6 Fragmentation NULL Dereference (“Packet of Death”)
• CVE-2021-24094 — Windows TCP/IP IPv6 Recursive Reassembly UAF + Firewall Bypass
• CVE-2021-31956 — NTFS NtQueryEaFile Heap Overflow → WNF LPE
• CVE-2021-31969 — cldflt.sys Pool Overflow (Restrictive Chunk Size) (EoP)
• CVE-2022-21907 — Windows HTTP Protocol Stack Uninitialized MDL (http.sys)
• CVE-2022-22715 — Windows Dirty Pipe (npfs.sys LFH→VS Overflow, AppContainer Escape)
• CVE-2022-24521 — CLFS CLIENT_CONTEXT/CONTAINER_CONTEXT Overlap → Arbitrary Decrement
• CVE-2022-34718 — EvilESP: Windows TCP/IP IPsec ESP OOB Write RCE
• CVE-2022-37969 — CLFS OOB Write via SignaturesOffset Corruption
• CVE-2023-23376 — CLFS CONTROL Block OOB via DumpCount/Sector Signature Overlap
• CVE-2023-28218 — afd.sys CMSGBuffer Integer Overflow Heap Corruption
• CVE-2023-28229 + CVE-2023-36906 — CNG Key Isolation UAF + OOB Read (AppContainer Escape)
• CVE-2023-28252 — CLFS OOB Write → Arbitrary Increment → LPE (Nokoyawa)
• CVE-2023-36802 — MSKSSRV Type Confusion: FsContextReg/FSStreamReg OOB → PreviousMode LPE
• CVE-2024-21338 — AppLocker Driver Untrusted Pointer Dereference (appid.sys)
• CVE-2024-26170 — CimFS OOB Read → Fake Object Chain → PreviousMode Null → LPE
• CVE-2024-26230 — Windows Telephony Service UAF (EoP)
• CVE-2024-30084 — Kernel Streaming IOCTL_KS_PROPERTY Double Fetch
• CVE-2024-30085 — cldflt.sys Heap Overflow (EoP)
• CVE-2024-30088 — NT Kernel TokenAccessInformation TOCTOU
• CVE-2024-30090 — Kernel Streaming Event Double Fetch + Arbitrary Address Increment
• CVE-2024-35250 — Kernel Streaming KSPROPSETID_DrmAudioStream Arbitrary Call
• CVE-2024-38063 — Windows TCP/IP IPv6 Integer Underflow → Kernel Heap Overflow
• CVE-2024-38238 — Kernel Streaming Forgotten MDL Lock → Arbitrary Physical Memory Write
• CVE-2024-38245 — Kernel Streaming Frame Buffer Misalignment → LookasideList Corruption
• CVE-2024-49138 — CLFS Heap-Based Buffer Overflow via Shadow Block pbImage Sharing
• CVE-2025-21333 — Hyper-V vkrnlintvsp.sys Heap Overflow (WNF + IORING)
• CVE-2025-29824 — CLFS CClfsLogCcb Use-After-Free (IRP Race)
• CVE-2025-30385 — CLFS Driver Use-After-Free
• CVE-2025-32701 — CLFS Log Stream Use-After-Free (ITW Zero-Day)
• CVE-2025-53136 — NT Kernel TOKEN Address Leak via TOCTOU (KASLR Defeat)
• CVE-2025-60709 — CLFS Container Parsing OOB Read → Arbitrary Write
• CVE-2025-60719 — afd.sys Multi-Routine UAF (Endpoint Unbind Race)
• CVE-2025-62215 — NT Kernel Race / Double-Free LPE (ITW)
• CVE-2025-8061 — Lenovo LnvMSRIO.sys BYOVD (Arbitrary MSR + Physical Memory)
• CVE-2026-20820 — CLFS ScanContainers Integer Overflow (IOCTL 0x80076816)
• CVE-2026-31431 — Copy Fail: algif_aead authencesn 4-Byte Page-Cache Write → Linux LPE