Vulnerabilities > CVE-2022-40732

CVSS 5.0 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

CWE-476

NVD

Published: 2024-12-18

Updated: 2024-12-18

Summary

An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service.

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1514

Vulnerabilities > CVE-2022-40732 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2022-40732"}]}

Summary

Common Weakness Enumeration (CWE)

References

Vulnerabilities > CVE-2022-40732