Vulnerability Description
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to kernel memory beyond the SystemBuffer of the IRP.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Realtek | Rtsper | < 10.0.22000.21355 |
| Realtek | Rtsuer | < 10.0.22000.31274 |
Related Weaknesses (CWE)
References
- http://realtek.comBroken Link
- https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408aThird Party Advisory
- https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_AdvisoVendor Advisory
- https://zwclose.github.io/2024/10/14/rtsper1.html
- http://realtek.comBroken Link
- https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408aThird Party Advisory
- https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_AdvisoVendor Advisory
FAQ
What is CVE-2022-25480?
CVE-2022-25480 is a vulnerability with a CVSS score of 7.8 (HIGH). Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to ke...
How severe is CVE-2022-25480?
CVE-2022-25480 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-25480?
Check the references section above for vendor advisories and patch information. Affected products include: Realtek Rtsper, Realtek Rtsuer.