Privilege Escalation Vulnerability in Realtek lO Driver
CVE-2024-33224

8.4HIGH

Key Information:

Vendor: Realtek Semiconductor Corp
Vendor: CVE Published:; 22 May 2024

🔔 Create Realtek Semiconductor Corp Vulnerability Alert

What is CVE-2024-33224?

A vulnerability exists in the rtkio64.sys component of the Realtek lO Driver that allows attackers to escalate privileges. By crafting specific IOCTL requests, an attacker can gain unauthorized access and execute arbitrary code within the context of the affected application. This issue highlights the importance of secure driver implementations and the potential risks associated with insufficient validation of incoming requests.

References

https://github.com/DriverHunter/Win-Driver-EXP/tree/main/...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2024