Kernel Memory Vulnerability in Realtek PCIe and USB Card Reader Drivers
CVE-2022-25480

7.8 HIGH

Key Information:

Vendor

Realtek

CVE Published:
2 July 2024

What is CVE-2022-25480?

A vulnerability exists in the Realtek RtsPer driver for PCIe card readers and the RtsUer driver for USB card readers, affecting versions prior to 10.0.22000.21355 and 10.0.22000.31274, respectively. It permits unauthorized writes to kernel memory beyond the bounds of the SystemBuffer of the Input/Output Request Packet (IRP). Exploitation can compromise system integrity and lead to unauthorized access to sensitive data, so the affected drivers should be updated immediately.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
