CVE-2022-40732

Severity: 5.0 MEDIUM
EPSS: 0.4% (top 38.65%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 18 | Latest update Dec 19

Description

An access violation vulnerability exists in the DirectComposition functionality of the win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially crafted set of syscalls can lead to a reboot. An unprivileged user can run specially crafted code to trigger a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.3 | Impact: 3.6

Affected Packages (3 packages)

CVEListV5 | microsoft/windows | Build 22000.593
NVD | microsoft/windows | 10.0.20348.643
NVD | microsoft/windows_11_21h2 | 10.0.22000.593

Vulnerability Details (2)

GHSA | GHSA-h9ph-92gj-fqqg: An access violation vulnerability exists in the DirectComposition functionality win32kbase | 2024-12-19
CVEList | CVE-2022-40732: An access violation vulnerability exists in the DirectComposition functionality win32kbase | 2024-12-18