CVE-2022-21972 - Windows Server VPN remote kernel use after free vulnerability
CVE-2022-21972 is a Windows VPN Use after Free (UaF) vulnerability that was discovered by reverse engineering the raspptp.sys kernel driver. The vulnerability is a race condition and can be reliably triggered by sending crafted input to a vulnerable server. It can be used to corrupt memory and could be used to gain kernel Remote Code Execution (RCE) or Local Privilege Escalation (LPE) on a target system.