We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2022-40733



Description

An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service.

Reserved 2022-09-14 | Published 2024-12-18 | Updated 2024-12-20 | Assigner talos


MEDIUM: 5.0CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Problem types

CWE-476: NULL Pointer Dereference

Product status

Build 22000.593
affected

Credits

Discovered by Jaewon Min of Cisco Talos.

References

talosintelligence.com/vulnerability_reports/TALOS-2022-1515

cve.org (CVE-2022-40733)

nvd.nist.gov (CVE-2022-40733)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2022-40733

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.