CVE-2022-40733

CVE Database · CVE-2022-40733

CVE-2022-40733

· MEDIUMAnalyzed

CVSS v3.1

5.0

EPSS

0.80%

Published

Dec 18, 2024

Modified

Aug 26, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-476

Affected Products (2)

microsoft · windows_11_21h2vulnerable

microsoft · windows_server_2022vulnerable

References (1)

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1515

ExploitThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs