CVE-2022-40733
CVE-2022-40733 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. An access violation vulnerability exists in the DirectComposition functionality of the win32kbase.sys driver, version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially crafted set of syscalls can lead to a reboot. EPSS estimates a 0.82% chance of exploitation in the next 30 days.
Description
An access violation vulnerability exists in the DirectComposition functionality of the win32kbase.sys driver, version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially crafted set of syscalls can lead to a reboot. An unprivileged user can run specially crafted code to trigger a denial of service.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 11 21h2 | 10.0.22000.593 |
| Microsoft | Windows Server 2022 | 10.0.20348.643 |
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1515 (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
