CVE-2025-32722
storport.sys — buffer over-read leaks kernel memory
Summary
| Field | Value |
|---|---|
| Driver | storport.sys (Storage Port Driver) |
| Vulnerability Class | Information Disclosure (Buffer Over-Read) |
| CVSS | 5.5 |
| Exploited ITW | No |
| Patch Date | June 10, 2025 |
Root Cause
The Storage Port driver skips buffer boundary checks when handling storage requests. A buffer over-read leaks kernel memory contents to user mode.
Exploitation
The attacker sends crafted storage port requests. The over-read returns kernel memory, giving a KASLR bypass primitive.
Exploitation Primitive
Crafted storage port request → buffer over-read
→ kernel memory leak → information disclosure