Vulnerability Description
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 provides read and write access to the PCI configuration space of the device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Realtek | Rtsper | < 10.0.22000.21355 |
| Realtek | Rtsuer | < 10.0.22000.31274 |
References
- http://realtek.comBroken Link
- https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408aThird Party Advisory
- https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_AdvisoVendor Advisory
- https://zwclose.github.io/2024/10/14/rtsper1.html
- http://realtek.comBroken Link
- https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408aThird Party Advisory
- https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_AdvisoVendor Advisory
FAQ
What is CVE-2022-25478?
CVE-2022-25478 is a vulnerability with a CVSS score of 7.8 (HIGH). Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 provides read and wr...
How severe is CVE-2022-25478?
CVE-2022-25478 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-25478?
Check the references section above for vendor advisories and patch information. Affected products include: Realtek Rtsper, Realtek Rtsuer.