Skip to main content

Windows Subsystem For Linux

5 CVEs product

Monthly

CVE-2025-62220 HIGH This Month

Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow Windows Subsystem For Linux Windows
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-53788 HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows Subsystem For Linux Windows
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2022-44689 HIGH PATCH This Week

Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Linux Microsoft Privilege Escalation Windows Subsystem For Linux Windows 10 +3
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38014 HIGH This Week

Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Linux Microsoft Azure Iot Edge For Linux +1
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2021-43907 CRITICAL PATCH Act Now

Visual Studio Code WSL Extension Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows Subsystem For Linux
NVD
CVSS 3.1
9.8
EPSS
3.8%
EPSS 0% CVSS 8.8
HIGH This Month

Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows Subsystem For Linux +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Linux Microsoft Privilege Escalation +5
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Linux +3
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Visual Studio Code WSL Extension Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows Subsystem For Linux
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy