PT-2021-6954 · Microsoft · Windows

Marcin Wiazowski · Published 2021-07-13 · Updated 2023-12-28 · CVE-2021-34516

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Windows (affected versions not specified)

Description

The issue is related to insufficient access restrictions in the Win32k component of Microsoft Windows, allowing an attacker to potentially elevate their privileges. This could affect the system, but specific details about the number of potentially affected devices or real-world incidents are not provided. The vulnerability involves untrusted pointer dereferences and null pointer dereferences in various functions of the Microsoft Windows Canonical Display Driver, including DrvLineTo, DrvFillPath, DrvStrokeAndFillPath, DrvTextOut, DrvStrokePath, DrvGradientFill, DrvStretchBltROPInternal, DrvPlgBltInternal, DrvBitBltInternal, ColorFillBitmap, DrvStretchBltInternal, DrvAlphaBlendInternal, DrvTransparentBltInternal.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

RCE

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2022-02740
CVE-2021-34516
ZDI-21-1004
ZDI-21-1005
ZDI-21-1006
ZDI-21-1007
ZDI-21-1008
ZDI-21-1009
ZDI-21-1010
ZDI-21-1011
ZDI-21-1012
ZDI-21-1013
ZDI-21-1014
ZDI-21-1015
ZDI-21-1016
ZDI-21-1017
ZDI-21-1018
ZDI-21-1019
ZDI-21-1020
ZDI-21-1021
ZDI-21-1022
ZDI-21-895

Affected Products

Windows