CVE-2020-1419

MEDIUM

Windows 10 and Windows 7 and Windows 8.1 and Windows RT 8.1 - Information Disclosure via Uninitialized Memory

Title source: llm

Description

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389, CVE-2020-1426.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1419

Scores

CVSS v3 5.5

EPSS 0.0130

EPSS Percentile 66.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-909

Status published

Products (19)

microsoft/windows_10 (2 CPE variants)

microsoft/windows_10 1607 (2 CPE variants)

microsoft/windows_10 1709 (3 CPE variants)

microsoft/windows_10 1803 (3 CPE variants)

microsoft/windows_10 1809 (3 CPE variants)

microsoft/windows_10 1903 (3 CPE variants)

microsoft/windows_10 1909 (3 CPE variants)

microsoft/windows_10 2004 (3 CPE variants)

microsoft/windows_7 (2 CPE variants)

microsoft/windows_8.1 (2 CPE variants)

... and 9 more

Published Jul 14, 2020

Tracked Since Feb 18, 2026