Windows Kernel-Mode Drivers Remote Code Execution Vulnerability
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.
MSRC compact vulnerability detail
CVE-2026-34332 · Windows Kernel-Mode Driver Remote Code Execution Vulnerability
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.
Signals
Windows Kernel-Mode Drivers
Remote Code Execution
Exploited: No
Publicly disclosed: No
Exploitability: Exploitation Unlikely
CWE
Patch Diff
Loading module diff metadata...
Resolved binary override
Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.
Description
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.
FAQ / Articles
FAQ
According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are low (PR:L). What does that mean for this vulnerability? Exploitation of this vulnerability requires an authorized attacker on the domain to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.
FAQ
How could an attacker exploit the vulnerability? An attacker could exploit this vulnerability by sending a specially crafted NVMe over Fabrics (NVMe‑oF) response message during the connection handshake process that contains an invalid header length value.