5.5
CVE-2021-31955
- EPSS 14.56%
- Published 08.06.2021 23:15:08
- Last modified 07.03.2025 21:54:07
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
Windows Kernel Information Disclosure Vulnerability
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Windows 10 1809 Version < 10.0.17763.1999
Microsoft ≫ Windows 10 1909 Version < 10.0.18363.1621
Microsoft ≫ Windows 10 2004 Version < 10.0.19041.1052
Microsoft ≫ Windows 10 20h2 Version < 10.0.19042.1052
Microsoft ≫ Windows 10 21h1 Version < 10.0.19043.1052
Microsoft ≫ Windows Server 2004 Version < 10.0.19041.1052
Microsoft ≫ Windows Server 2019 Version < 10.0.17763.1999
Microsoft ≫ Windows Server 20h2 Version < 10.0.19042.1052
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Windows Kernel Information Disclosure Vulnerability
VulnerabilityMicrosoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memory from a user-mode process.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 14.56% | 0.942 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| secure@microsoft.com | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.