CVE-2021-31955

Windows Kernel Information Disclosure Vulnerability

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955	Patch Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955	Patch Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-31955	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_10_1809::::::::
	cpe:2.3:o:microsoft:windows_10_1909::::::::
	cpe:2.3:o:microsoft:windows_10_2004::::::::
	cpe:2.3:o:microsoft:windows_10_20h2::::::::
	cpe:2.3:o:microsoft:windows_10_21h1::::::::
	cpe:2.3:o:microsoft:windows_server_2004::::::::
	cpe:2.3:o:microsoft:windows_server_2019::::::::
	cpe:2.3:o:microsoft:windows_server_20h2::::::::

History

30 Oct 2025, 19:40

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-31955 -~~	() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-31955 - US Government Resource

22 Oct 2025, 00:17

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-31955 -

21 Oct 2025, 20:18

Type	Values Removed	Values Added
References	~~{'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-31955', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}~~

21 Oct 2025, 19:19

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-31955 -

21 Nov 2024, 06:06

Type	Values Removed	Values Added
References	~~() https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955 - Patch, Vendor Advisory~~	() https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955 - Patch, Vendor Advisory

29 Jul 2024, 17:34

Type	Values Removed	Values Added
CPE	cpe:2.3:o:microsoft:windows_10:21h1:::::::* cpe:2.3:o:microsoft:windows_server_2016:2004:::::::* cpe:2.3:o:microsoft:windows_10:1909:::::::* cpe:2.3:o:microsoft:windows_10:2004:::::::* cpe:2.3:o:microsoft:windows_server_2019:-:::::::* cpe:2.3:o:microsoft:windows_server_2016:20h2:::::::* cpe:2.3:o:microsoft:windows_10:1809:::::::* cpe:2.3:o:microsoft:windows_10:20h2:::::::*	cpe:2.3:o:microsoft:windows_10_1909:::::::: cpe:2.3:o:microsoft:windows_server_2019:::::::: cpe:2.3:o:microsoft:windows_10_1809:::::::: cpe:2.3:o:microsoft:windows_10_21h1:::::::: cpe:2.3:o:microsoft:windows_10_20h2:::::::: cpe:2.3:o:microsoft:windows_server_20h2:::::::: cpe:2.3:o:microsoft:windows_server_2004:::::::: cpe:2.3:o:microsoft:windows_10_2004::::::::
First Time		Microsoft windows 10 2004 Microsoft windows 10 1909 Microsoft windows 10 21h1 Microsoft windows 10 20h2 Microsoft windows 10 1809 Microsoft windows Server 20h2 Microsoft windows Server 2004
CWE	~~CWE-200~~	NVD-CWE-noinfo

03 Jul 2024, 01:36

Type	Values Removed	Values Added
CWE		CWE-497

10 Jun 2021, 18:04

Type	Values Removed	Values Added
CPE		cpe:2.3:o:microsoft:windows_10:2004:::::::* cpe:2.3:o:microsoft:windows_10:1809:::::::* cpe:2.3:o:microsoft:windows_server_2016:20h2:::::::* cpe:2.3:o:microsoft:windows_server_2016:2004:::::::* cpe:2.3:o:microsoft:windows_10:21h1:::::::* cpe:2.3:o:microsoft:windows_server_2019:-:::::::* cpe:2.3:o:microsoft:windows_10:20h2:::::::* cpe:2.3:o:microsoft:windows_10:1909:::::::*
References	~~(MISC) https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955 -~~	(MISC) https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955 - Patch, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 2.1 v3 : 5.5
CWE		CWE-200

08 Jun 2021, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-06-08 23:15

Updated : 2025-10-30 19:40

NVD link : CVE-2021-31955

Mitre link : CVE-2021-31955

CVE.ORG link : CVE-2021-31955

JSON object : View

Products Affected

microsoft

windows_10_2004
windows_10_1809
windows_10_20h2
windows_server_2004
windows_server_20h2
windows_server_2019
windows_10_21h1
windows_10_1909

CWE

NVD-CWE-noinfo CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-31955

5.5^/10

2.1^/10

Attach tags to `CVE-2021-31955`