CVE-2022-40733 MEDIUM

CVE-2022-40733

Vendor Microsoft
Product Windows
Weakness CWE-476
Published December 18, 2024
Last update December 20, 2024

CVSS base score

5.0/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service.

Key dates

02Disclosure timeline

December 18, 2024 CVE published
December 20, 2024 Record updated