Vulnerability Description
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Realtek | Rtsper | < 10.0.22000.21355 |
| Realtek | Rtsuer | < 10.0.22000.31274 |
Related Weaknesses (CWE)
References
- http://realtek.comBroken Link
- https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408aThird Party Advisory
- https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_AdvisoVendor Advisory
- https://zwclose.github.io/2024/10/14/rtsper1.html
- http://realtek.comBroken Link
- https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408aThird Party Advisory
- https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_AdvisoVendor Advisory
FAQ
What is CVE-2022-25477?
CVE-2022-25477 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 leaks driver logs th...
How severe is CVE-2022-25477?
CVE-2022-25477 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-25477?
Check the references section above for vendor advisories and patch information. Affected products include: Realtek Rtsper, Realtek Rtsuer.