Windows Subsystem For Linux Wsl2
Monthly
Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to perform tampering locally.
Local privilege escalation in Microsoft's Windows Subsystem for Linux (WSL2) allows a low-privileged authenticated user on the Windows host to elevate to higher privileges by triggering a buffer over-read (CWE-126). Microsoft (the reporting vendor) has released a fix via MSRC, and there is no public exploit identified at time of analysis. With a CVSS 3.1 base score of 7.8 and full high impact to confidentiality, integrity and availability, it is a meaningful local EoP but requires prior code-execution access on the machine.
Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to perform tampering locally.
Local privilege escalation in Microsoft's Windows Subsystem for Linux (WSL2) allows a low-privileged authenticated user on the Windows host to elevate to higher privileges by triggering a buffer over-read (CWE-126). Microsoft (the reporting vendor) has released a fix via MSRC, and there is no public exploit identified at time of analysis. With a CVSS 3.1 base score of 7.8 and full high impact to confidentiality, integrity and availability, it is a meaningful local EoP but requires prior code-execution access on the machine.