NT OS Kernel Information Disclosure Vulnerability
Bidding farewell to one of the last kernel address leaks, CVE-2025-53136. Even patches can open new doors for exploitation.
That change effectively neutered one of the most accessible KASLR bypass techniques; without knowledge of the kernel's base addresses, exploitation became harder. The vulnerability provides a powerful kernel address leak for any token handle, which can easily be chained with other vulnerabilities into a complete exploit on the latest version of the system. The fix changes how parameters are passed to the RtlSidHashInitialize() function: the data is now read from a kernel pointer (a member of the TOKEN structure) rather than from a value set in a user-controlled buffer.