Overview
- Description
- Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
Social media
- Hype score
- Not currently trending
⚠️ Realtek Driver Exploits: A Chain Reaction 💽The combination of vulnerabilities (CVE-2024-40431 & CVE-2022-25479) in the Realtek RtsPer driver presents a significant escalation of privilege risk. Immediate patching or driver removal is recommended for affected systems,
@IntCyberDigest
4 Nov 2024
2567 Impressions
6 Retweets
17 Likes
6 Bookmarks
1 Reply
1 Quote
Yet another successful exploit with @f00fc7c800. Using CVE-2024-40431+CVE-2022-25479 from @zwclose, an NT leak we found on the stack and a trick I learned from @scwuaptx at Hexacon, we managed to get an EOP on Realtek driver 10.0.22000.21350 :) - https://t.co/7vDqqTdZ4O https://t
@reubensammut
9611 Impressions
42 Retweets
129 Likes
62 Bookmarks
3 Replies
1 Quote
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realtek:rtsper:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "126006F2-0655-4EAB-AD95-87AADA0C8F8E",
"versionEndExcluding": "10.0.22000.21355"
},
{
"criteria": "cpe:2.3:a:realtek:rtsuer:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B45E5C60-6DE7-4324-84A0-5F4270C6ACA0",
"versionEndExcluding": "10.0.22000.31274"
}
],
"operator": "OR"
}
]
}
]