Exploiting a use-after-free in Windows Common Logging File System
10-Mar-22
The kernel driver clfs.sys implements the Common Logging File System, a general-purpose logging service that may be used by both user-space and kernel-space programmes in Windows, is vulnerable to a use-after-free vulnerability. A method for exploiting this issue in Windows to get privilege escalation is also described.
Microsoft addressed this issue in September 2021, along with two other related vulnerabilities, and assigned the CVEs CVE-2021-36955, CVE-2021-36963, and CVE-2021-38633 to them. We chose CVE-2021-36955 to refer to the vulnerability reported here because there is no available information that distinguishes the three CVEs.
