CVE-2022-21877
Published: 11 January 2022
Summary
CVE-2022-21877 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Microsoft Windows 10. Its CVSS base score is 5.5 (Medium).
Operationally, it ranks in the top 5.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2022-21877 is an information disclosure vulnerability in the Storage Spaces Controller component, classified under CWE-125 as an out-of-bounds read. It carries a CVSS 3.1 score of 5.5, reflecting a local attack vector, low attack complexity, low privileges required and no user interaction, with an impact limited to confidentiality.
A local attacker with low privileges can exploit the flaw to read sensitive information from memory or storage structures controlled by the affected component, without requiring user interaction or elevated rights.
Microsoft has published details and remediation guidance for the issue through its Security Response Center update guide and security advisory portal.
The associated EPSS score has remained flat, with its peak and current value both at 0.1499 and no material upward trajectory observed after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-27033
Vulnerability details
Storage Spaces Controller Information Disclosure Vulnerability
- CWE(s): CWE-125 (Out-of-bounds Read)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.