CVE-2026-20922
ntfs.sys — heap-based buffer overflow allows remote code execution
Summary
| Field | Value |
|---|---|
| Driver | ntfs.sys |
| Vulnerability Class | Buffer Overflow (Heap) |
| CVSS | 7.8 |
| Exploited ITW | No |
| Patch Date | January 13, 2026 |
Root Cause
A heap-based buffer overflow in the NTFS driver occurs during NTFS volume metadata processing. Insufficient validation of metadata field sizes allows writing past buffer boundaries.
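The root cause above is a size field read from volume metadata and then trusted as a copy length. As an added example (not code from ntfs.sys or from this advisory), the C parser below shows the checks such a field needs before the copy. The record layout, `copy_value_checked` and `check_sample` are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical on-disk record, constructed for this example (not an actual
 * NTFS structure). Little-endian header, then the value bytes:
 *   +0 u32 record_len   +4 u16 value_off   +6 u32 value_len              */
#define HDR_LEN 10u

static uint32_t rd16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }

/* Copies the value into dst. Returns 0 on success, -1 if the size fields are
 * inconsistent with the bytes read, -2 if the value does not fit in dst.
 * The unsafe pattern is the final memcpy with none of the checks above it. */
int copy_value_checked(const uint8_t *rec, size_t avail,
                       uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    if (avail < HDR_LEN) return -1;
    uint32_t record_len = rd32(rec);
    uint32_t value_off  = rd16(rec + 4);
    uint32_t value_len  = rd32(rec + 6);
    /* Record must fit in what was actually read from the volume. */
    if (record_len < HDR_LEN || record_len > avail) return -1;
    /* Value must start after the header and end inside the record; the
     * subtraction form cannot wrap the way value_off + value_len could. */
    if (value_off < HDR_LEN || value_off > record_len) return -1;
    if (value_len > record_len - value_off) return -1;
    /* Destination bound: the check whose absence gives a heap overflow. */
    if (value_len > dst_cap) return -2;
    memcpy(dst, rec + value_off, value_len);
    *out_len = value_len;
    return 0;
}

/* Builds a constructed 32-byte record with the given header fields and
 * parses it into a dst_cap-byte buffer (dst_cap <= 64). */
int check_sample(uint32_t record_len, uint16_t value_off,
                 uint32_t value_len, size_t dst_cap)
{
    uint8_t rec[32] = {0}, dst[64];
    size_t n = 0;
    for (int i = 0; i < 4; i++) {
        rec[i]     = (uint8_t)(record_len >> (8 * i));
        rec[6 + i] = (uint8_t)(value_len >> (8 * i));
    }
    rec[4] = (uint8_t)value_off;
    rec[5] = (uint8_t)(value_off >> 8);
    return copy_value_checked(rec, sizeof rec, dst, dst_cap, &n);
}
```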
Exploitation
The attacker provides a crafted NTFS volume (VHD or physical media). The heap overflow corrupts adjacent kernel objects, which leads to code execution.
Exploitation Primitive
Crafted NTFS volume → metadata parsing → heap buffer overflow
→ adjacent object corruption → code execution