CVE-2026-20822
win32kfull.sys — use-after-free in graphics component allows elevation of privilege
Summary
| Field | Value |
|---|---|
| Driver | win32kfull.sys (Windows Graphics Component) |
| Vulnerability Class | Use-After-Free |
| CVSS | 7.8 |
| Exploited ITW | No |
| Patch Date | January 13, 2026 |
Root Cause
The Win32k full graphics driver mismanages object lifetimes during graphical rendering operations. A freed object is dereferenced through a stale pointer, hitting memory the attacker reclaims with controlled data.
Exploitation
The attacker triggers the UAF through specific graphical object sequences. Heap spraying reclaims the freed memory for a kernel corruption primitive that yields SYSTEM.
Exploitation Primitive
Graphical object sequence → UAF → heap reclaim
→ kernel corruption → SYSTEM