CVE-2022-21876

MEDIUM

Microsoft Windows 10 - Out-of-Bounds Read

Title source: rule

Description

Win32k Information Disclosure Vulnerability

References (3)

Core 3

Core References

Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21876

Vendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21876

Third Party Advisory

https://www.zerodayinitiative.com/advisories/ZDI-22-051/

Scores

CVSS v3 5.5

EPSS 0.0070

EPSS Percentile 72.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-125

Status published

Products (13)

microsoft/windows_10 (2 CPE variants)

microsoft/windows_10 20h2 (3 CPE variants)

microsoft/windows_10 21h1 (3 CPE variants)

microsoft/windows_10 21h2 (3 CPE variants)

microsoft/windows_10 1607 (2 CPE variants)

microsoft/windows_10 1809 (3 CPE variants)

microsoft/windows_10 1909 (3 CPE variants)

microsoft/windows_11 (2 CPE variants)

microsoft/windows_server 20h2

microsoft/windows_server 2022

... and 3 more

Published Jan 11, 2022

Tracked Since Feb 18, 2026