CVE-2024-33224

Published: May 22, 2024Modified: Mar 13, 2025

8.4

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.5 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek lO Driver v1.008.0823.2017 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33224

Source: cve@mitre.org

https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33224

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.