Vulnerability Details : CVE-2022-25477
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR.
Products affected by CVE-2022-25477
- cpe:2.3:a:realtek:rtsper:*:*:*:*:*:*:*:*
- cpe:2.3:a:realtek:rtsuer:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-25477
- 0.05%: Probability of exploitation activity in the next 30 days
- ~ 11%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-25477
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-10-29 |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | NIST | 2024-08-21 |
CWE ids for CVE-2022-25477
- The product writes sensitive information to a log file. Assigned by:
  - 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2022-25477
- http://realtek.com
  Broken Link
- https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf
  Vendor Advisory
- https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a
  gist:feb16f1424779a61cb1d9f6d5681408a · GitHub (Third Party Advisory)
- https://zwclose.github.io/2024/10/14/rtsper1.html
  Vulnerabilities of Realtek SD card reader driver, part 1 | ZwClose