CVE-2022-25479

Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap.

CVSS v3.0 5.5 MEDIUM

5.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://realtek.com	Broken Link
https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf	Vendor Advisory
https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a	Third Party Advisory
https://zwclose.github.io/2024/10/14/rtsper1.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:realtek:rtsper::::::::
	cpe:2.3:a:realtek:rtsuer::::::::

History

24 Oct 2024, 17:15

Type	Values Removed	Values Added
References		() https://zwclose.github.io/2024/10/14/rtsper1.html -

21 Aug 2024, 16:09

Type	Values Removed	Values Added
First Time		Realtek rtsper Realtek rtsuer
CPE	cpe:2.3:h:realtek:rtsuer.sys:-:::::::* cpe:2.3:o:realtek:rtsuer.sys_firmware:::::::: cpe:2.3:h:realtek:rtsper.sys:-:::::::* cpe:2.3:o:realtek:rtsper.sys_firmware::::::::	cpe:2.3:a:realtek:rtsper:::::::: cpe:2.3:a:realtek:rtsuer::::::::

21 Aug 2024, 15:23

Type	Values Removed	Values Added
First Time		Realtek rtsper.sys Firmware Realtek Realtek rtsuer.sys Realtek rtsuer.sys Firmware Realtek rtsper.sys
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-401
References	~~() https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf -~~	() https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf - Vendor Advisory
References	~~() http://realtek.com -~~	() http://realtek.com - Broken Link
References	~~() https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a -~~	() https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a - Third Party Advisory
CPE		cpe:2.3:h:realtek:rtsuer.sys:-:::::::* cpe:2.3:o:realtek:rtsuer.sys_firmware:::::::: cpe:2.3:h:realtek:rtsper.sys:-:::::::* cpe:2.3:o:realtek:rtsper.sys_firmware::::::::

02 Jul 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-02 19:15

Updated : 2024-10-28 19:35

NVD link : CVE-2022-25479

Mitre link : CVE-2022-25479

JSON object : View

Products Affected

realtek

rtsuer
rtsper

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10