Full Report
The authors of this post had an interesting concern about LLMs: what about the security of targets that no one has ever looked at? There are TBs of binaries on machines that no one has ever looked at. So, they decided to perform zero-day research at scale in Windows Kernel Drivers. The approach and scale of impact were fascinating to see! First, they scrapped the MSFT update catalog, OEM sites, and public driver repos to get 1.6K unique drivers. Next, they performed an analysis of the binaries to determine the attack surface, including IOCTL dispatch complexity and other kernel driver-specific issues. They prioritized the drivers with the most attack surface. Next, they analyzed the binaries in an LLM loop. This required a decompilation agent to rename unnamed functions, deduce functionality, and perform basic reverse engineering tasks. After this, another agent would identify functions worth auditing based on the attack surface and the decompiled code. The final agent would inspect the functions for memory corruption bugs, walking through the call graph to understand the data flow. Once done, the findings were written for another agent to write a proof of concept for a VM-based harness. This required a customized QEMU to test. From this output, they were able to identify the expected crash and analyze the vulnerability's real impact. Finally, they manually validated the reports with a PoC script on a real Windows 11 machine. From there, they submitted the bug to PSIRT themselves. The LLM analysis cost a total of $600, or $3 per chosen target and $4 per bug. On those, they found a wide range of issues, from heap overflows to arbitrary reads. The false positive rate was about 60%. So, a little over 1 in 2. Still, these are great leads and make triaging bugs much easier to do. Only a single vulnerability was fixed from this, which is absolutely crazy. They had some good takeaways. First, agent-assisted bug hunting is cheap but not free. You can realistically create an agent-loop to help find issues at scale for a reasonable cost. The agentic flows require closed loops for figuring everything out themselves. In practice, this means giving the agent a ton of feedback via custom tools/harnesses. With the ability to bugcheck the machine repeatedly, it will eventually find the proper way to exploit it. This was a great post on finding vulnerabilities at scale using LLMs. We're in a gold rush to find all of the vulnerabilities right now!
Analysis Summary
# Vulnerability: Agent-Assisted Bulk Discovery of Windows Kernel Driver Flaws
## CVE Details
- **CVE ID:** CVE-2025-65001 (Primary representative identifier)
- **CVSS Score:** Not explicitly listed (Typically High/Critical for Kernel Memory Corruption)
- **CWE:** CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-787 (Out-of-bounds Write), and various other memory corruption types.
## Affected Systems
- **Products:** Windows Kernel Drivers (.sys files) from third-party vendors.
- **Vendors Identified:** Fujitsu (confirmed fix), Lenovo, IBM, Intel, AMD, Silicom, NVIDIA, and Dell (unresponsive/unpatched).
- **Versions:** Multiple versions across 158 unique driver binaries.
- **Configurations:** Systems running Windows with these legitimate, signed third-party drivers installed (e.g., GPU, peripheral, and OEM-specific utility drivers).
## Vulnerability Description
The research identified a massive class of "unintentional" memory corruption vulnerabilities. Unlike "Living off the Land Drivers" (LOLDrivers) that provide intentional but dangerous APIs, these flaws are standard programming errors—such as heap overflows, arbitrary reads/writes, and buffer overflows—located within the IOCTL (Input/Output Control) dispatch handlers. Specifically, the agents targeted complex dispatch logic and `METHOD_NEITHER` handlers, where the driver is responsible for manually validating user-mode pointers, often failing to do so correctly.
## Exploitation
- **Status:** PoC available (developed by an automated agent loop and manually verified on Windows 11).
- **Complexity:** Medium (Requires valid IOCTL codes and structured input buffers).
- **Attack Vector:** Local (Requires the ability to send IOCTLs to the device object; typically used for Privilege Escalation from User to Kernel mode).
## Impact
- **Confidentiality:** High (Arbitrary memory reads allow for the leakage of kernel pointers and sensitive data).
- **Integrity:** High (Arbitrary writes allow for kernel code execution or modification of security tokens).
- **Availability:** High (Improper memory handling results in BugCheck/BSOD and system instability).
## Remediation
### Patches
- **Fujitsu:** Validated and patched via Fujitsu PSIRT. Users should update Fujitsu-specific drivers to the latest versions.
- **Other Vendors:** Most identified vulnerabilities remain unpatched as of Feb 2026.
### Workarounds
- **Driver Blocklisting:** Admins can manually add the hashes of vulnerable drivers to the Microsoft Recommended Driver Blocklist or via "App Control for Business."
- **Least Privilege:** Ensure users do not have unnecessary administrative rights, though many drivers are reachable by standard users to facilitate hardware function.
## Detection
- **Indicators of Compromise:** Presence of specific driver hashes in `C:\Windows\System32\drivers\`.
- **Detection Methods:**
- Cross-reference environment inventory against the SHA-256 hashes provided in the research (e.g., `4735d2db86a7c27565b0463948f506463b5cdb11a8dd9a89adee91552b071c20`, etc.).
- Monitor for unusual `DeviceIoControl` calls to non-standard drivers.
## References
- **Vendor Advisory (Fujitsu):** hxxps[://]nvd[.]nist[.]gov/vuln/detail/CVE-2025-65001
- **Original Research:** hxxps[://]ydinkin[.]substack[.]com/p/100-kernel-bugs-in-30-days
- **Support Tools:** hxxps[://]www[.]loldrivers[.]io/