Common Vulnerabilities and Exposures (CVE)
CVE-2026-20836
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-47358
Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.
CVE-2026-20837
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2025-47359
Memory Corruption when multiple threads simultaneously access a memory free API.
CVE-2026-20840
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2025-47363
Memory corruption when calculating oversized partition sizes without proper checks.
CVE-2026-20842
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
CVE-2025-47364
Memory corruption while calculating offset from partition start point.
CVE-2026-20844
Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges locally.
CVE-2025-47366
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.
CVE-2026-20852
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.
CVE-2025-47397
Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.
CVE-2026-20856
Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
CVE-2025-47398
Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.
CVE-2026-20857
Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.