Vulnerability Details : CVE-2022-25479
Potential exploit
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap.
Products affected by CVE-2022-25479
- cpe:2.3:a:realtek:rtsper:*:*:*:*:*:*:*:*
- cpe:2.3:a:realtek:rtsuer:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-25479
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 5 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-25479
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.1
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H |
1.8
|
4.2
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-10-28 |
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST | 2024-08-21 |
CWE ids for CVE-2022-25479
-
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2022-25479
-
http://realtek.com
Broken Link
-
https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf
Vendor Advisory
-
https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a
gist:feb16f1424779a61cb1d9f6d5681408a ยท GitHubThird Party Advisory
-
https://zwclose.github.io/2024/10/14/rtsper1.html
Vulnerabilities of Realtek SD card reader driver, part 1 | ZwClose
Jump to