An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Aug 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Microsoft windows 11 21h2
|
|
CPEs | cpe:2.3:o:microsoft:windows_11_21h2:10.0.22000.593:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.643:*:*:*:*:*:*:* |
|
Vendors & Products |
Microsoft windows 11 21h2
|
Mon, 14 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Fri, 20 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 18 Dec 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service. | |
Weaknesses | CWE-476 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: talos
Published:
Updated: 2024-12-20T17:22:05.281Z
Reserved: 2022-09-14T21:22:59.116Z
Link: CVE-2022-40732

Updated: 2024-12-20T17:21:50.735Z

Status : Analyzed
Published: 2024-12-18T23:15:07.060
Modified: 2025-08-26T16:11:12.313
Link: CVE-2022-40732

No data.

Updated: 2025-07-13T11:21:54Z