CVE-2022-40733

An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.3 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1515	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_11_21h2:10.0.22000.593:::::::*
	cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.643:::::::*

History

26 Aug 2025, 16:09

Type	Values Removed	Values Added
CPE		cpe:2.3:o:microsoft:windows_11_21h2:10.0.22000.593:::::::* cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.643:::::::*
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2022-1515 -~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2022-1515 - Exploit, Third Party Advisory
Summary		(es) Existe una vulnerabilidad de violación de acceso en la funcionalidad DirectComposition del controlador win32kbase.sys versión 10.0.22000.593 como parte de Windows 11 versión 22000.593 y versión 10.0.20348.643 como parte de Windows Server 2022 versión 20348.643. Un conjunto de llamadas al sistema especialmente manipulado puede provocar un reinicio. Un usuario sin privilegios puede ejecutar código especialmente manipulado para activar una denegación de servicio.
First Time		Microsoft Microsoft windows Server 2022 Microsoft windows 11 21h2

18 Dec 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-18 23:15

Updated : 2025-08-26 16:09

NVD link : CVE-2022-40733

Mitre link : CVE-2022-40733

CVE.ORG link : CVE-2022-40733

JSON object : View

Products Affected

microsoft

windows_server_2022
windows_11_21h2

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2022-40733", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-12-18T23:15:07.243", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1515", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service."}, {"lang": "es", "value": "Existe una vulnerabilidad de violaci\u00f3n de acceso en la funcionalidad DirectComposition del controlador win32kbase.sys versi\u00f3n 10.0.22000.593 como parte de Windows 11 versi\u00f3n 22000.593 y versi\u00f3n 10.0.20348.643 como parte de Windows Server 2022 versi\u00f3n 20348.643. Un conjunto de llamadas al sistema especialmente manipulado puede provocar un reinicio. Un usuario sin privilegios puede ejecutar c\u00f3digo especialmente manipulado para activar una denegaci\u00f3n de servicio."}], "lastModified": "2025-08-26T16:09:46.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:10.0.22000.593:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "996BBFF9-9F06-4CD3-ACF8-4B6D34C380FF"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.643:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE2FCCB0-B2D4-475A-BCA8-C2F943EB26A3"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}