Local Privilege Escalation Vulnerability in Broadcom LSI Soft Modem Driver

CVE-2023-31096

What is CVE-2023-31096?

A vulnerability exists in the Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver that allows an attacker to escalate privileges to the SYSTEM level via a stack overflow condition in RTLCopyMemory. This flaw enables exploitation from a medium-integrity process, which can circumvent kernel-level protections, including antivirus and protected process light (PPL) measures. The elevated privileges gained can be utilized in orchestrated ransomware attacks, particularly through bring-your-own-vulnerable-driver (BYOVD) tactics.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

News Articles

Computerworld

CVE-2023-31096

For January, Patch Tuesday starts off with a bang

The latest update from Microsoft deals with 112 flaws, including eight the company rated critical — and three zero-day exploits. Ninety-five of the vulnerabilities affect Windows.

3 weeks ago

Krebs on Security

CVE-2023-31096

Patch Tuesday, January 2026 Edition

Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft's most-dire "critical" rating, and the company warns that attackers are already exploiting one of…

3 weeks ago

theregister.com

CVE-2023-31096

Windows info-disclosure 0-day bug gets a fix and CISA alert

Microsoft and Uncle Sam have warned that a Windows bug disclosed today is already under attack. The flaw, tracked as CVE-2026-20805 and discovered by Microsoft's own threat intel team, allows an authorized...

3 weeks ago

References