Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-20074

Summary
Assigner-intel
Assigner Org ID-6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At-12 Aug, 2025 | 16:58
Updated At-26 Feb, 2026 | 17:49
Rejected At-
Credits

Time-of-check Time-of-use race condition for some Intel(R) Connectivity Performance Suite software installers before version 40.24.11210 may allow an authenticated user to potentially enable escalation of privilege via local access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:intel
Assigner Org ID:6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At:12 Aug, 2025 | 16:58
Updated At:26 Feb, 2026 | 17:49
Rejected At:
▼CVE Numbering Authority (CNA)

Time-of-check Time-of-use race condition for some Intel(R) Connectivity Performance Suite software installers before version 40.24.11210 may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected Products
Vendor
n/a
Product
Intel(R) Connectivity Performance Suite software installers
Default Status
unaffected
Versions
Affected
  • before version 40.24.11210
Problem Types
TypeCWE IDDescription
N/AN/AEscalation of Privilege
CWECWE-367Time-of-check Time-of-use (TOCTOU) Race Condition
Type: N/A
CWE ID: N/A
Description: Escalation of Privilege
Type: CWE
CWE ID: CWE-367
Description: Time-of-check Time-of-use (TOCTOU) Race Condition
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.07.3HIGH
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01286.html
N/A
Hyperlink: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01286.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@intel.com
Published At:12 Aug, 2025 | 17:15
Updated At:13 Aug, 2025 | 17:34

Time-of-check Time-of-use race condition for some Intel(R) Connectivity Performance Suite software installers before version 40.24.11210 may allow an authenticated user to potentially enable escalation of privilege via local access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.3HIGH
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-367Primarysecure@intel.com
CWE ID: CWE-367
Type: Primary
Source: secure@intel.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01286.htmlsecure@intel.com
N/A
Hyperlink: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01286.html
Source: secure@intel.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

65Records found
CVE-2024-38407
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.16% / 36.45%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 10:04
Updated-16 Nov, 2024 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in Camera

Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830wcd9380_firmwaresnapdragon_8c_compute_platform_\(sc8180x-ad\)_\"poipu_lite\"sdm429wsnapdragon_8cx_compute_platform_\(sc8180x-aa\,_ab\)snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\,_ab\)_firmwaresnapdragon_7c_gen_2_compute_platform_\(sc7180-ad\)_\"rennell_pro\"_firmwarefastconnect_6800snapdragon_8cx_compute_platform_\(sc8180xp-ac\,_af\)_\"poipu_pro\"wsa8840wsa8835sdm429w_firmwaresnapdragon_7c\+_gen_3_computesc8180x\+sdx55wcd9380qca6420_firmwarefastconnect_6700video_collaboration_vc3_platformwcd9370snapdragon_8c_compute_platform_\(sc8180xp-ad\)_\"poipu_lite\"qcm5430_firmwarevideo_collaboration_vc3_platform_firmwareqca6430_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\,_af\)_\"poipu_pro\"_firmwaresnapdragon_8cx_compute_platform_\(sc8180x-aa\,_ab\)_firmwarewcd9385_firmwarewsa8845snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\,_bb\)fastconnect_6200wcd9340_firmwarewcn3660bwsa8815wsa8845_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\,_af\)_\"poipu_pro\"wcn3660b_firmwaresnapdragon_429_mobile_platform_firmwaresc8380xpfastconnect_6200_firmwarewcd9375_firmwarewsa8845h_firmwareqca6391snapdragon_429_mobile_platformqca6420fastconnect_7800aqt1000_firmwaresnapdragon_7c_compute_platform_firmwareqcs6490qcm6490_firmwarewsa8840_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\,_ab\)fastconnect_6900fastconnect_6900_firmwaresc8380xp_firmwaresnapdragon_8cx_compute_platform_\(sc8180xp-ac\,_af\)_\"poipu_pro\"_firmwareqca6430sm6250fastconnect_6700_firmwarewcd9340wsa8810_firmwarewcd9341_firmwarefastconnect_7800_firmwarewsa8810wsa8845hqcm5430qcs5430wcd9385wcd9341snapdragon_8c_compute_platform_\(sc8180x-ad\)_\"poipu_lite\"_firmwaresnapdragon_7c_gen_2_compute_platform_\(sc7180-ad\)_\"rennell_pro\"qcs6490_firmwareqcs5430_firmwareqca6391_firmwarewcd9375snapdragon_8c_compute_platform_\(sc8180xp-ad\)_\"poipu_lite\"_firmwareaqt1000wcd9370_firmwaresc8180x\+sdx55_firmwaresm6250_firmwarewsa8830_firmwarewcn3620_firmwaresnapdragon_7c\+_gen_3_compute_firmwareqcm6490wsa8815_firmwarewsa8835_firmwarewcn3620snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\,_bb\)_firmwarefastconnect_6800_firmwaresnapdragon_7c_compute_platformSnapdragonaqt1000_firmwarewcd9380_firmwareqcm6490_firmwarewsa8840_firmwarefastconnect_6900_firmwaresc8380xp_firmwaresdm429w_firmwarefastconnect_6700_firmwarewsa8810_firmwarewcd9341_firmwarefastconnect_7800_firmwareqca6420_firmwareqcm5430_firmwareqca6430_firmwareqcs6490_firmwareqcs5430_firmwarequalcomm_video_collaboration_vc3_platform_firmwareqca6391_firmwarewcd9385_firmwarewcd9370_firmwarewcd9340_firmwaresm6250_firmwarewsa8830_firmwarewsa8845_firmwarewcn3620_firmwarewsa8815_firmwarewcn3660b_firmwarewsa8835_firmwaresnapdragon_429_mobile_platform_firmwarefastconnect_6200_firmwarewcd9375_firmwarewsa8845h_firmwarefastconnect_6800_firmware
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-38153
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.26%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows 11 Version 24H2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2019Windows 11 version 22H3Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1507Windows Server 2012Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-55680
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.68%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:01
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019windows_11_25h2Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2019Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-55696
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 10.22%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:01
Updated-22 Feb, 2026 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NtQueryInformation Token function (ntifs.h) Elevation of Privilege Vulnerability

Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019windows_11_25h2Windows Server 2025Windows Server 2022Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 22H2Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 25H2Windows Server 2019
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2023-38141
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.69%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 16:58
Updated-30 Oct, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows 11 version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2022Windows Server 2019Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows 10 Version 1809Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2016
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-49730
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.62% / 85.82%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:58
Updated-13 Feb, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_server_2022windows_server_2012windows_10_1507windows_11_24h2windows_11_22h2windows_11_23h2windows_server_2022_23h2windows_10_1607windows_10_1809windows_server_2008windows_server_2019windows_server_2025windows_10_21h2windows_server_2016Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2019-1380
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 54.27%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:52
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-47407
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.54%
||
7 Day CHG~0.00%
Published-04 May, 2026 | 16:43
Updated-06 May, 2026 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service

Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_460_mobile_firmwareqmp2001sxr2350p_firmwarewcd9370qxm1083wsa8845h_firmwaresar2130p_firmwaresd865_5g_firmwareqmb715wcd9378wsa8832_firmwaresnapdragon_6_gen_1_mobilevideo_collaboration_vc3_platformfastconnect_6700wcd9395_firmwarewsa8850sm8845pnetrani_firmwarewcn3988video_collaboration_vc1_platformorne_firmwaresnapdragon_8_elite_gen_5_firmwaresm8750p_firmwaresw5100p_firmwaresm8735p_firmwaresnapdragon_w5\+_gen_1_wearable_firmwarexrv7209_firmwarenetraniqxm1083_firmwareqcs2290sm7435_firmwarex1e80100_firmwareqxm1096wcn7861_firmwarewsa8840_firmwarex1e80100snapdragon_685_4g_mobilewsa8850_firmwareqmp1000sw5100wsa8815snapdragon_wear_elite_firmwaresnapdragon_w5\+_gen_1_wearablesxr2350pwsa8850wqpa1083bd_firmwaresnapdragon_680_4g_mobilesnapdragon_ar1\+_gen_1_firmwaresnapdragon_wear_eliteorneqcm4325_firmwareqpa1083bdqxm1094_firmwaresxr2250psm6475qsnapdragon_7_gen_4_mobileqpa1086bdsm6225p_firmwarewcn3980qxm1095sm6850sxr2250p_firmwarewcn7760_firmwareqmp1000_firmwaresnapdragon_8_elite_firmwarewcn7760wsa8850w_firmwarecq8725swcd9395wcn3950_firmwarewsa8810_firmwarewsa8832snapdragon_6_gen_3_mobilesd662qcm4325sar1165p_firmwarewcn7860sar1165pwcn7881_firmwareqcs4290fastconnect_6700_firmwaresar2130psm6475p_firmwaresnapdragon_8_elitesnapdragon_680_4g_mobile_firmwareqmp2001_firmwarewsa8830sm8845p_firmwarewsa8855c_firmwarewcd9380palawan25_firmwarewsa8845_firmwarewcd9375_firmwaresm6475q_firmwaresnapdragon_4_gen_2_mobile_firmwaresnapdragon_ar1\+_gen_1qln1083bdwcn3950video_collaboration_vc3_platform_firmwareqln1086bd_firmwarewcn7881qln1083bd_firmwarewcn3980_firmwarefastconnect_6200_firmwarewsa8830_firmwarewsa8845hwcd9370_firmwaresm7635pwcn7861sm8735psw5100psxr2330p_firmwareqpa1086bd_firmwareqxm1096_firmwaresc8380xp_firmwareqxm1095_firmwarewcn7880sd865_5gsnapdragon_xr2\+_gen_1_firmwaresnapdragon_460_mobilemolokaiwcn6450wsa8855csnapdragon_6_gen_1_mobile_firmwarefastconnect_6900snapdragon_662_mobileqca6391_firmwaresnapdragon_4_gen_2_mobilesm6450pwsa8840wcd9385_firmwareqcm2290_firmwaresm8750pqln1086bdqcm2290sxr2230p_firmwaresnapdragon_7_gen_4_mobile_firmwarewcn6755qmb715_firmwarexrv9209sm7635p_firmwarecq8725s_firmwarefastconnect_7800sm6850_firmwarepandeirocq7790snapdragon_6_gen_3_mobile_firmwarecq7790_firmwareqca6391sm6225psnapdragon_xr2\+_gen_1sw5100_firmwarewcd9378_firmwarewsa8835sm6450p_firmwareqcs2290_firmwaresxr2330psm7435xrv9209_firmwarewcn3988_firmwaresm6475pwcn7860_firmwaresnapdragon_662_mobile_firmwaresnapdragon_685_4g_mobile_firmwarepalawan25sm7435p_firmwareqxm1093_firmwarefastconnect_7800_firmwaresnapdragon_8_elite_gen_5fastconnect_6200snapdragon_xr2_5g_firmwaresm7435pvideo_collaboration_vc1_platform_firmwaresnapdragon_xr2_5gsd662_firmwarexrv7209wsa8815_firmwareqxm1086_firmwarewcn6755_firmwareg2_gen_1_firmwarewsa8835_firmwareqxm1086themisto_firmwareg2_gen_1sc8380xpwcn6450_firmwarefastconnect_6900_firmwarepandeiro_firmwareqxm1094wcd9380_firmwareqxm1093wsa8810sxr2230pmolokai_firmwarewcd9375qcs4290_firmwarewcd9385wsa8845themistowcn7880_firmwareSnapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-36304
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.04%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 21:21
Updated-16 Jun, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-apex_oneTrend Micro Apex OneTrend Micro Apex One as a Service
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2019-1065
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.85% / 75.05%
||
7 Day CHG+0.20%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 1803Windows Server, version 1803 (Server Core Installation)Windows 10 Version 1809Windows 10 Version 1903 for ARM64-based SystemsWindows Server 2019Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server 2019 (Server Core installation)
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-28137
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.57%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 08:10
Updated-23 Jan, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHOENIX CONTACT: privilege escalation due to a TOCTOU vulnerability in the CHARX Series

A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-charx_sec-3150_firmwarecharx_sec-3050charx_sec-3000_firmwarecharx_sec-3100_firmwarecharx_sec-3100charx_sec-3000charx_sec-3150charx_sec-3050_firmwareCHARX SEC-3050CHARX SEC-3000CHARX SEC-3150CHARX SEC-3100charx_sec_3150charx_sec_3050charx_sec_3100charx_sec_3000
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-26218
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-27.15% / 96.44%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2022_23h2windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_11_23h2Windows 11 version 22H3Windows Server 2019Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 1809
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2022-36927
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-8.8||HIGH
EPSS-0.03% / 9.12%
||
7 Day CHG~0.00%
Published-09 Jan, 2023 | 00:00
Updated-09 Apr, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation in Zoom Rooms for macOS Clients

Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsZoom Rooms for macOS
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2022-3701
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.22%
||
7 Day CHG~0.00%
Published-27 Oct, 2023 | 19:38
Updated-09 Sep, 2024 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_update_pluginhardware_scan_pluginhardware_scan_addinVantage SystemUpdate Pluginvantage_systemupdate_plugin
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-21473
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 3.17%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 07:25
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in Camera_Linux

Memory corruption when using Virtual cdm (Camera Data Mover) to write registers.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-Snapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
  • Previous
  • 1
  • 2
  • Next
Details not found