kernel security

Microsoft’s latest push to “raise the bar” for Windows drivers is one of the clearest, most consequential platform moves in years — it changes not just how drivers are certified and signed, but how much driver code Microsoft expects to live in the kernel at all, and it creates new technical...

Microsoft has confirmed a denial‑of‑service flaw in the Storvsp.sys storage Virtualization Service Provider (VSP) driver — tracked as CVE‑2025‑60708 — that allows a locally authorized attacker to trigger a kernel‑mode crash by exploiting an untrusted pointer dereference in the driver, and...

EDR-Redir V2 is the latest proof‑of‑concept tool to exploit Windows’ new bind link facility and the cloud filter stack to create parent‑level filesystem redirections that can blind Endpoint Detection and Response (EDR) products — including a demonstrated bypass of Windows Defender on Windows 11...

The Linux kernel recently received a small but important patch labelled under CVE‑2025‑40051 that tightens how the vhost/vringh code checks return values from copy_from_iter and copy_to_iter; the fix changes the test from “is the result negative” to “did we copy exactly the number of bytes...

A small, surgical fix in the Linux kernel’s CoreSight TRBE driver has been assigned CVE‑2025‑40060 after maintainers corrected an error‑handling mismatch that could otherwise produce a kernel panic on affected systems. Background / Overview The vulnerability lives in the Linux kernel CoreSight...

The Linux kernel patch addressing CVE-2025-40040 fixes a subtle but consequential flag-dropping bug in the KSM madvise path: under specific 64-bit builds a bitwise operation in ksm_madvise could inadvertently clear the upper 32 bits of a VMA’s vm_flags, removing userfaultfd (UFFD) flags and...

A small change in the OCFS2 kernel code — setting a freed pointer to NULL — resolved a formally assigned CVE but highlights a perennial class of Linux kernel risks: double‑free memory corruption that can destabilize hosts, complicate multi‑tenant environments, and, in some cases, provide a local...

A newly published Linux-kernel vulnerability, tracked as CVE-2025-40042, fixes a race condition in kprobe initialization that can lead to a NULL-pointer dereference and a kernel crash — a local, availability-focused defect that has been upstreamed into the kernel stable trees and is being...

A recently assigned CVE identifier, CVE-2025-40013, tracks a kernel-level fix for a null pointer dereference in the Qualcomm ASoC audioreach driver; the patch adds a missing NULL check in the topology-parsing path to prevent dereferencing a NULL or error pointer returned by...

Microsoft’s advisory for CVE-2025-59216 describes a race-condition vulnerability in the Windows Graphics Component that can allow an authenticated local attacker to elevate privileges if they can win a timing window. Executive summary What it is: CVE-2025-59216 is a “concurrent execution using...

Microsoft’s Security Update Guide lists CVE-2025-54092 as a privilege‑escalation vulnerability in Windows Hyper‑V: the issue is described as a concurrent execution using a shared resource with improper synchronization (a race condition) that an authorized local attacker could leverage to elevate...

Microsoft’s advisory for a newly referenced HTTP.sys vulnerability describes an out‑of‑bounds read in the Windows HTTP protocol stack that can be triggered remotely against Internet Information Services (IIS) and other HTTP.sys consumers, allowing an unauthenticated attacker to cause a...

A newly catalogued vulnerability in the Windows Graphics Kernel, tracked as CVE-2025-55236, is a time-of-check/time-of-use (TOCTOU) race condition that Microsoft warns can allow an authorized local attacker to execute code on an affected host; the vendor’s advisory identifies the flaw as a...

Microsoft’s security advisory for CVE-2025-54919 describes a race‑condition flaw in the Windows Win32K graphics subsystem (GRFX) that can be abused by an authenticated local user to execute code in a privileged context; defenders should treat affected hosts as high priority for immediate...

Microsoft’s recent push to harden Azure Linux with a new “OS Guard” capability marks a notable shift in how cloud providers are thinking about host-level protections for container workloads, combining run‑time immutability, code integrity checks, and mandatory access control into an opinionated...

Windows 11’s insistence that low-level drivers must be signed is the single most effective consumer-facing defense Microsoft has built for the Windows kernel — and it’s also one of the clearest examples of security that feels, at times, actively hostile to the people who own the hardware it runs...

Microsoft quietly ended one of Windows’ most enduring visual warnings this summer: the Blue Screen of Death — the cobalt banner that for decades signaled catastrophic system failure — has been replaced with a streamlined black “unexpected restart” screen as part of Windows 11’s ongoing...

Windows Hyper‑V contains a vulnerability tracked as CVE‑2025‑48807 that, according to the vendor advisory, stems from improper restriction of a Hyper‑V communication channel to its intended endpoints and can be abused by an authorized attacker to execute code locally on an affected host. This...

Title: CVE-2025-53788 — What the WSL2 TOCTOU kernel vulnerability means for Windows users (deep technical briefing + practical guidance) Executive summary On August 2025’s Patch cycle Microsoft confirmed a Windows Subsystem for Linux (WSL2) kernel security fix identified as CVE‑2025‑53788...

Microsoft has confirmed CVE-2025-53132 — a race‑condition elevation‑of‑privilege vulnerability in the Windows Win32k – GRFX component — and administrators must treat affected hosts as high‑priority patch targets while applying layered mitigations to reduce immediate risk. Background Windows’...