CVE-2026-20820
clfs.sys — heap-based buffer overflow allows elevation of privilege
Summary
| Field | Value |
|---|---|
| Driver | clfs.sys |
| Vulnerability Class | Buffer Overflow (Heap) |
| CVSS | 7.8 |
| Exploited ITW | No |
| Patch Date | January 13, 2026 |
Root Cause
A heap-based buffer overflow in the CLFS driver occurs during log file metadata processing. Insufficient validation of structure sizes allows writing past buffer boundaries. Part of the recurring CLFS exploitation pattern that has produced 10+ CVEs since 2022.
Exploitation
The attacker crafts a CLFS log file with malformed metadata. The heap overflow corrupts adjacent kernel objects for SYSTEM privilege escalation.
Exploitation Primitive
Crafted CLFS log file → heap buffer overflow
→ adjacent object corruption → SYSTEM