Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-40733

An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service.

Published

2024-12-18T23:15:07.243

Last Modified

2025-08-26T16:09:46.750

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.0 (MEDIUM)

Weaknesses

Type: Primary
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	microsoft	windows_11_21h2	10.0.22000.593	Yes
Operating System	microsoft	windows_server_2022	10.0.20348.643	Yes

References

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1515 Exploit, Third Party Advisory ([email protected])