1Day Breakdowns

Rapid technical analysis of recent vulnerabilities.

CVE-2025-68615 - Net-SNMP Buffer Overflow Vulnerability via Type Confusion

CVE-2025-68615 is a buffer overflow vulnerability in the Net-SNMP library. The flaw resides in a conditional check in the `snmp_input` function during the parsing of an incoming trap message. The lack of a bounds check on the length of the `snmpTrapOID` variable binding allows an attacker to cause a buffer overflow by supplying a malformed OID in the PDU message.

CVE-2025-60709 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

A vulnerability in the Windows Common Log File System (CLFS) driver allows out-of-bounds memory reads due to insufficient bounds checking in `ClfsGetFirstRecord()`. The function validates that attacker-controlled record offsets do not exceed `buffer_size + 40` instead of `buffer_size`, enabling reads of up to 40 bytes beyond the allocated buffer and potentially leaking sensitive kernel memory for information disclosure or exploit-chain development.

CVE-2025-55680 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

A vulnerability in the Windows Cloud Files Mini Filter Driver arises from mapping user-controlled buffers into kernel space and relying on them for both path validation and file creation. By racing a single-byte change in the shared buffer between these two steps, an attacker can bypass validation and create arbitrary files in System32 via a junction, enabling SYSTEM-level privilege escalation through DLL hijacking.

CVE-2024-38041 - Windows AppLocker Exposure of Sensitive Information to an Unauthorized Actor

CVE-2024-38041 is an information leak vulnerability in the Windows AppID driver (`appid.sys`). The flaw lies in the handler for IOCTL code `0x22A014`, which lacks proper validation of the caller's access mode. Specifically, the `AipDeviceIoControlDispatch` function does not verify that the request originates from kernel mode. As a result, a user-mode process running as LOCAL SERVICE can trigger this IOCTL to leak kernel pointers via a shared SystemBuffer. By impersonating the LOCAL SERVICE account and invoking the vulnerable IOCTL, an attacker can leak kernel addresses, bypassing KASLR and paving the way for further kernel exploitation.

CVE-2024-21338 - Windows AppLocker Kernel Elevation of Privilege Vulnerability

CVE-2024-21338 is a privilege escalation vulnerability in the Windows AppLocker driver (`appid.sys`). The flaw resides in the `AipSmartHashImageFile` function, reachable via IOCTL `0x22A018`, which allows user-mode input to control code execution. Specifically, the function dereferences two user-provided pointers from a shared SystemBuffer without verifying their validity or origin. One of these pointers is treated as a function pointer and is called directly from kernel mode.