CVE-2025-27732
win32k.sys — improper memory locking allows elevation of privilege
Summary
| Field | Value |
|---|---|
| Driver | win32k.sys (Win32K - GRFX) |
| Vulnerability Class | Improper Memory Locking |
| CVSS | 7.0 |
| Exploited ITW | No |
| Patch Date | April 8, 2025 |
Root Cause
The Win32K graphics component mishandles memory page locking during certain graphical operations. Concurrent access reaches memory that should be protected, opening a window for kernel memory corruption.
Exploitation
The attacker exploits the missing lock to corrupt kernel memory through concurrent graphical operations and shapes the corruption for SYSTEM privilege escalation.
Exploitation Primitive
Graphical operation → improper memory locking
→ concurrent access → kernel memory corruption → SYSTEM