CVE-2022-25478

Published: Jul 2, 2024Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 provides read and write access to the PCI configuration space of the device.

Affected (2)

Products: Realtek: Rtsper, Rtsuer

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Realtek Rtsper	Before 10.0.22000.21355
Realtek Rtsuer	Before 10.0.22000.31274

References (7)

http://realtek.com

Source: cve@mitre.org

Broken Link

https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a

Source: cve@mitre.org

Third Party Advisory

https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf

Source: cve@mitre.org

Vendor Advisory

https://zwclose.github.io/2024/10/14/rtsper1.html

Source: cve@mitre.org

http://realtek.com

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.