CVE-2025-55223
published 2025-09-09CVE-2025-55223: Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate…
high7CVSS 3.1
AVLACHPRLUINSUCHIHAH
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.
Affected
30 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1809 | < 10.0.17763.7792 | 10.0.17763.7792 |
| microsoft | windows_10_21h2 | < 10.0.19044.6332 | 10.0.19044.6332 |
| microsoft | windows_10_22h2 | < 10.0.19045.6332 | 10.0.19045.6332 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.7792 | 10.0.17763.7792 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.6332 | 10.0.19044.6332 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.6332 | 10.0.19045.6332 |
| microsoft | windows_11_22h2 | < 10.0.22621.5909 | 10.0.22621.5909 |
| microsoft | windows_11_23h2 | < 10.0.22631.5909 | 10.0.22631.5909 |
| microsoft | windows_11_24h2 | < 10.0.26100.6508 | 10.0.26100.6508 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.5909 | 10.0.22621.5909 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.5909 | 10.0.22631.5909 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.5909 | 10.0.22631.5909 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.6584 | 10.0.26100.6584 |
| microsoft | windows_server_2019 | < 10.0.17763.7792 | 10.0.17763.7792 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.7792 | 10.0.17763.7792 |
| microsoft | windows_server_2022 | < 10.0.20348.4106 | 10.0.20348.4106 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.4171 | 10.0.20348.4171 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1849 | 10.0.25398.1849 |
| microsoft | windows_server_2025 | < 10.0.26100.6508 | 10.0.26100.6508 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.6584 | 10.0.26100.6584 |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
| msrc | windows_11_version_22h2 | — | — |
| msrc | windows_11_version_23h2 | — | — |
Microsoft
DirectX Graphics Kernel Elevation of Privilege Vulnerability
vendor_msrc·2025-09-09·CVSS 7.0
CVE-2025-55223 [HIGH] CWE-362 DirectX Graphics Kernel Elevation of Privilege Vulnerability
DirectX Graphics Kernel Elevation of Privilege Vulnerability
Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Graphics Kernel: Graphics Kernel
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:
GHSA
GHSA-hxfm-48cx-mpm6: Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevat
ghsa_unreviewed·2025-09-09
CVE-2025-55223 [HIGH] CWE-362 GHSA-hxfm-48cx-mpm6: Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevat
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.
No detection rules found.
No public exploits indexed.
2025-09-09
Published