CVE-2022-40733

CVSS 5 MEDIUMEPSS 0.8%CWE-476

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

18 Dec 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Affected products

Microsoft · Windows

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1515