Vulnerability Description
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Realtek | Rtsper | < 10.0.22000.21355 |
| Realtek | Rtsuer | < 10.0.22000.31274 |
Related Weaknesses (CWE)
References
- http://realtek.comBroken Link
- https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408aThird Party Advisory
- https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_AdvisoVendor Advisory
- https://zwclose.github.io/2024/10/14/rtsper1.html
- http://realtek.comBroken Link
- https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408aThird Party Advisory
- https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_AdvisoVendor Advisory
FAQ
What is CVE-2022-25479?
CVE-2022-25479 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leaka...
How severe is CVE-2022-25479?
CVE-2022-25479 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-25479?
Check the references section above for vendor advisories and patch information. Affected products include: Realtek Rtsper, Realtek Rtsuer.