CVE-2026-20840
ntfs.sys — heap-based buffer overflow allows remote code execution
Summary
| Field | Value |
|---|---|
| Driver | ntfs.sys |
| Vulnerability Class | Buffer Overflow (Heap) |
| CVSS | 7.8 |
| Exploited ITW | No |
| Patch Date | January 13, 2026 |
Root Cause
A heap-based buffer overflow in the NTFS driver occurs when processing crafted NTFS volume metadata. Missing bounds validation allows writing past the allocated buffer.
Exploitation
The attacker provides a crafted NTFS volume. The heap overflow corrupts adjacent kernel objects for code execution.
Exploitation Primitive
Crafted NTFS volume → metadata parsing → heap buffer overflow
→ adjacent object corruption → code execution