An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Aug 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Microsoft windows 11 21h2
Microsoft windows Server 2022 |
|
CPEs | cpe:2.3:o:microsoft:windows_11_21h2:10.0.22000.593:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.643:*:*:*:*:*:*:* |
|
Vendors & Products |
Microsoft windows 11 21h2
Microsoft windows Server 2022 |
Fri, 20 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 18 Dec 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service. | |
Weaknesses | CWE-476 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: talos
Published:
Updated: 2024-12-20T17:22:31.797Z
Reserved: 2022-09-14T21:22:59.117Z
Link: CVE-2022-40733

Updated: 2024-12-20T17:22:27.810Z

Status : Analyzed
Published: 2024-12-18T23:15:07.243
Modified: 2025-08-26T16:09:46.750
Link: CVE-2022-40733

No data.

Updated: 2025-07-12T22:16:18Z