PT-2022-3746 · Microsoft · Windows Graphics

Marcin Wiazowski · Published 2022-07-12 · Updated 2023-06-27 · CVE-2022-22034

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Windows Graphics Component (affected versions not specified)

Description: The issue is related to insecure privilege management in the Windows Graphics Component. It can be exploited locally and allows an attacker to elevate their privileges. Technical details include the exploitation of use-after-free vulnerabilities in various Windows win32kfull functions, such as UMPDDrvStrokePath, UMPDDrvAlphaBlend, UMPDDrvTextOut, UMPDDrvGradientFill, UMPDDrvBitBlt, UMPDDrvStretchBlt, UMPDDrvPlgBlt, UMPDDrvStretchBltROP, UMPDDrvTransparentBlt, and UMPDDrvCopyBits.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Improper Privilege Management

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2022-04534
CVE-2022-22034
ZDI-22-969
ZDI-22-970
ZDI-22-971
ZDI-22-972
ZDI-22-973
ZDI-22-974
ZDI-22-975
ZDI-22-976
ZDI-22-977
ZDI-22-978

Affected Products

Windows
Windows Graphics