CVE-2022-29116: Windows Kernel Information Disclosure Vulnerability

Overview

Severity

Medium (CVSS 4.7)

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Category

Information Disclosure

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2022-May

Released

2022-05-10

EPSS Score

0.34% (percentile: 56.5%)

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

Affected Products (2)

Windows

• Windows 11 version 21H2 for x64-based Systems
• Windows 11 version 21H2 for ARM64-based Systems

Security Updates (1)

• 5013943

Acknowledgments

<a href="https://twitter.com/b2ahex">b2ahex</a>

Revision History

• 2022-05-10: Information published.