VDB

GCVE-110-NCSC-2026-141

GCVE-110-NCSC-2026-141
Advisory PublishedCVSS 7.0/10
Vulnetix · Advisory published May 12, 2026
A double free vulnerability in the Windows Link-Layer Discovery Protocol (LLDP) allows an authorized local attacker to elevate privileges on affected systems.

Weaknesses (CWE)

CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-122Heap-based Buffer OverflowCWE-843Access of Resource Using Incompatible Type ('Type Confusion')CWE-416Use After FreeCWE-190Integer Overflow or WraparoundCWE-367Time-of-check Time-of-use (TOCTOU) Race ConditionCWE-288Authentication Bypass Using an Alternate Path or ChannelCWE-125Out-of-bounds ReadCWE-401Missing Release of Memory after Effective LifetimeCWE-121Stack-based Buffer OverflowCWE-415Double FreeCWE-126Buffer Over-readCWE-476NULL Pointer DereferenceCWE-191Integer Underflow (Wrap or Wraparound)CWE-1329Reliance on Component That is Not UpdateableCWE-73External Control of File Name or PathCWE-822Untrusted Pointer DereferenceCWE-862Missing Authorization

Risk Scores

CVSS 3.1
7.0/10
High · CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Affected Products

VendorProductVersionsPlatforms
Microsoftvers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›