CVE-2025-21367
win32k.sys — race condition allows elevation of privilege
Summary
| Field | Value |
|---|---|
| Driver | win32k.sys (Win32 Kernel Subsystem) |
| Vulnerability Class | Race Condition |
| CVSS | 7.8 |
| Exploited ITW | No |
| Patch Date | February 11, 2025 |
Root Cause
A race condition in the Win32 Kernel Subsystem lets concurrent operations access shared graphical objects with no synchronization. The state corruption leads to privilege escalation.
Exploitation
The attacker triggers the race by issuing concurrent Win32k system calls on shared window or graphical objects. The state corruption gives a kernel memory corruption primitive for SYSTEM escalation.
Exploitation Primitive
Concurrent Win32k operations → race condition
→ state corruption → privilege escalation → SYSTEM