Windows Kernel Address Leak: A Race Against Time
2025-09-12

While analyzing the patch for CVE-2024-43511, a security researcher discovered a new Windows kernel address leak vulnerability. The flaw stems from a race condition in the RtlSidHashInitialize() function: within a small time window, an attacker can read a kernel address. Although winning the race is required, the success rate is high, which makes the leak easy to chain with other vulnerabilities into a complete privilege escalation. The vulnerability specifically affects Windows 11/Windows Server 2022 24H2 and later, bypassing Microsoft's previous measures to prevent kernel address leaks. The researcher reported the vulnerability to Microsoft, which ultimately assigned it CVE-2025-53136.