Vulnerability Details : CVE-2022-25480
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to kernel memory beyond the SystemBuffer of the IRP.
Products affected by CVE-2022-25480
- cpe:2.3:a:realtek:rtsper:*:*:*:*:*:*:*:*
- cpe:2.3:a:realtek:rtsuer:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-25480
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 18 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-25480
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-03-25 |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | 2024-08-21 |
CWE ids for CVE-2022-25480
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2022-25480
-
http://realtek.com
Broken Link
-
https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf
Vendor Advisory
-
https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a
gist:feb16f1424779a61cb1d9f6d5681408a ยท GitHubThird Party Advisory
-
https://zwclose.github.io/2024/10/14/rtsper1.html
Vulnerabilities of Realtek SD card reader driver, part 1 | ZwClose
Jump to