PT-2026-40204 · Microsoft · Windows Kernel

Published: 2026-05-12 · Updated: 2026-05-24 · CVE-2026-40369

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Windows 11 versions 24H2 through 25H2
Windows Server 2025 (affected versions not specified)

Description

An untrusted pointer dereference in the Windows Kernel allows an authorized attacker to elevate privileges locally to SYSTEM. The issue exists within the ExpGetProcessInformation() function in ntoskrnl.exe. When the NtQuerySystemInformation API endpoint is called with info class 253 and a length argument of zero, the ProbeForWrite guard is bypassed. This allows a caller-supplied kernel address to be used, enabling a deterministic arbitrary increment of kernel memory addresses. This primitive is reachable from unprivileged processes, including browser renderer sandboxes such as Chrome, Edge, and Firefox.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
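
The zero-length probe pattern from the description, as an added user-space model that is not code from ntoskrnl.exe or from this advisory. It shows why a probe sized by the caller's length validates nothing when that length is zero, next to a hardened form that probes the bytes the handler itself writes. The address-space limit, the 4-byte counter width, the sample address and all function names are assumptions made for the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model values, not real kernel constants. */
#define MODEL_USER_LIMIT 0x00007FFFFFFF0000ULL  /* at or above: kernel range */
enum { MODEL_ACCESS_VIOLATION = -1, MODEL_WROTE_USER = 0, MODEL_WROTE_KERNEL = 1 };

/* Models ProbeForWrite: a zero length performs no address check at all. */
static int model_probe_for_write(uint64_t addr, size_t len) {
    if (len == 0) return 0;
    if (addr >= MODEL_USER_LIMIT || len > MODEL_USER_LIMIT - addr) return -1;
    return 0;
}

/* Stands in for the counter increment through the caller's pointer;
 * no memory is touched, the return value only reports which range was hit. */
static int model_increment(uint64_t addr) {
    return addr >= MODEL_USER_LIMIT ? MODEL_WROTE_KERNEL : MODEL_WROTE_USER;
}

/* Weak pattern: probe sized by the caller's length, write done regardless. */
int handler_weak(uint64_t out, size_t caller_len) {
    if (model_probe_for_write(out, caller_len) != 0) return MODEL_ACCESS_VIOLATION;
    return model_increment(out);
}

/* Hardened pattern: probe the bytes the handler itself will write
 * (assumed here to be a 4-byte counter). */
int handler_hardened(uint64_t out, size_t caller_len) {
    (void)caller_len;  /* caller's length no longer decides whether we validate */
    if (model_probe_for_write(out, sizeof(uint32_t)) != 0) return MODEL_ACCESS_VIOLATION;
    return model_increment(out);
}

int main(void) {
    uint64_t kaddr = 0xFFFFF80000001000ULL;  /* constructed kernel-range value */
    printf("weak, len=0:     %d\n", handler_weak(kaddr, 0));
    printf("weak, len=4:     %d\n", handler_weak(kaddr, 4));
    printf("hardened, len=0: %d\n", handler_hardened(kaddr, 0));
    return 0;
}
```

When reviewing similar handlers, check that every write through a caller-supplied pointer is covered by a probe whose size comes from the handler, not from a caller-controlled length.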

Exploit

LPE

Untrusted Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2026-06638
CVE-2026-40369

Affected Products

Windows
Windows Kernel