← All drivers
vulnerable
Driver

rzpnk.sys

Razer Synapse overlay and peripheral kernel driver

From Razer, Inc.
Part of the Razer family
Status
On a known-vulnerable list
Known variants
1 distinct hashes
Public CVEs
4
Field notes

rzpnk.sys is the kernel companion to Razer Synapse, one of the most widely deployed pieces of gaming peripheral software in the world. Razer Synapse sits on top of nearly every Razer mouse, keyboard, headset, and RGB device for configuration, lighting profiles, and macro support. The kernel driver exists to support the overlay and hardware-control plumbing that the user-mode utility needs.

The driver has a documented public history. Security researchers disclosed three local privilege-escalation vulnerabilities in 2017 (CVE-2017-9769, CVE-2017-9770, CVE-2017-14398) that let unprivileged users escalate to SYSTEM through the driver's interface. A separate but related 2021 story, surfaced by researcher 'jonhat' and widely covered by BleepingComputer, was the installer-side flaw (CVE-2021-44226): plugging a Razer device into a Windows machine triggered the Synapse installer under SYSTEM, and a command prompt could be spawned from the installer dialog.

If you use Razer peripherals, keep Razer Synapse and rzpnk.sys updated through Synapse's own auto-update. If you find rzpnk.sys on a machine that has never had Razer hardware, the leftover Synapse install is worth investigating. The Razer plug-and-play installer surface is also a physical-access concern for unattended Windows desktops in shared spaces.

What the record shows

rzpnk.sys is listed as a known-vulnerable driver on the public LOLDrivers project. One distinct binary hash matching this filename is on record.

What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “rzpnk.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/rzpnk-sys