CVE-2022-25480

Published Jul 2, 2024

Last updated 24 days ago

CVSS high 7.8

Overview

Description: Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to kernel memory beyond the SystemBuffer of the IRP.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:realtek:rtsper:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "126006F2-0655-4EAB-AD95-87AADA0C8F8E",
            "versionEndExcluding": "10.0.22000.21355"
          },
          {
            "criteria": "cpe:2.3:a:realtek:rtsuer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B45E5C60-6DE7-4324-84A0-5F4270C6ACA0",
            "versionEndExcluding": "10.0.22000.31274"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References